From bd8aa8fe2816497362ba0db884666e73c88826b3 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 18 Feb 2020 17:39:31 -0300 Subject: [PATCH 001/144] CVE-2020-1738 --- 2020/1xxx/CVE-2020-1738.json | 61 +++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2020/1xxx/CVE-2020-1738.json b/2020/1xxx/CVE-2020-1738.json index db7f49437f4..b134026da8a 100644 --- a/2020/1xxx/CVE-2020-1738.json +++ b/2020/1xxx/CVE-2020-1738.json @@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-88" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.9/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 2cb7deee02294d8cd2b55443a285bcf23ce13c31 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 18 Feb 2020 17:44:12 -0300 Subject: [PATCH 002/144] CVE-2020-1740 --- 2020/1xxx/CVE-2020-1740.json | 61 +++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2020/1xxx/CVE-2020-1740.json b/2020/1xxx/CVE-2020-1740.json index d5e7b4b4c93..d579be83772 100644 --- a/2020/1xxx/CVE-2020-1740.json +++ b/2020/1xxx/CVE-2020-1740.json @@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.9/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 009d252a34129e27751bff308d02a3261150d78e Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 18 Feb 2020 17:47:58 -0300 Subject: [PATCH 003/144] CVE-2020-1735 --- 2020/1xxx/CVE-2020-1735.json | 61 +++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2020/1xxx/CVE-2020-1735.json b/2020/1xxx/CVE-2020-1735.json index 7069a63a4ff..217515c0b2b 100644 --- a/2020/1xxx/CVE-2020-1735.json +++ b/2020/1xxx/CVE-2020-1735.json @@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 1d728b2ba91aca991e304b9f6bbf451974b10112 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Tue, 18 Feb 2020 17:50:46 -0300 Subject: [PATCH 004/144] CVE-2020-1736 --- 2020/1xxx/CVE-2020-1736.json | 61 +++++++++++++++++++++++++++++++++--- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/2020/1xxx/CVE-2020-1736.json b/2020/1xxx/CVE-2020-1736.json index d2a8f90f1d7..fe2139defda 100644 --- a/2020/1xxx/CVE-2020-1736.json +++ b/2020/1xxx/CVE-2020-1736.json @@ -4,15 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "ansible", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "2.2/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 1e8189b501d3e7713d4df8a056b0640b5752ffbf Mon Sep 17 00:00:00 2001 From: Sam Huckins Date: Mon, 9 Mar 2020 12:04:44 -0500 Subject: [PATCH 005/144] JSON content for CVE-2019-5648 --- 2019/5xxx/CVE-2019-5648.json | 90 ++++++++++++++++++++++++++++++++++-- 1 file changed, 86 insertions(+), 4 deletions(-) diff --git a/2019/5xxx/CVE-2019-5648.json b/2019/5xxx/CVE-2019-5648.json index 40bf362b968..335673baca0 100644 --- a/2019/5xxx/CVE-2019-5648.json +++ b/2019/5xxx/CVE-2019-5648.json @@ -1,9 +1,41 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2020-03-05T09:00:00.000Z", "ID": "CVE-2019-5648", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "LDAP Credential Exposure in Barracuda Load Balancer ADC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Load Balancer ADC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.5" + } + ] + } + } + ] + }, + "vendor_name": "Barracuda" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered by Steve Campbell (@lpha3ch0). It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +43,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficiently Protected Credentials (CWE-522)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/" + }, + { + "refsource": "CONFIRM", + "url": "https://campus.barracuda.com/product/webapplicationfirewall/doc/90444925/release-notes-version-10-0-1/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Administrators should ensure that their Barracuda Load Balancer ADC is on either a 6.3.x or 6.4.x version so that the patch can be applied through Barracuda's automated security patching system. Ensure that you have not intentionally disabled the security update system. Administrators should update their Barracuda Load Balancer ADC devices to the latest firmware versions as they become available. Version 6.5 will ship with the patch for CVE-2019-5648." + } + ], + "source": { + "advisory": "R7-2019-39", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From eb4b4b1e79def8a2256debfe18d3f140819e8aee Mon Sep 17 00:00:00 2001 From: Siemens ProductCERT Date: Tue, 10 Mar 2020 10:48:41 +0100 Subject: [PATCH 006/144] Siemens CVE update for Siemens-AD-2020-03 --- 2016/9xxx/CVE-2016-9158.json | 86 +++++++++--- 2016/9xxx/CVE-2016-9159.json | 106 +++++++++++--- 2018/4xxx/CVE-2018-4832.json | 4 +- 2019/10xxx/CVE-2019-10923.json | 4 +- 2019/10xxx/CVE-2019-10929.json | 56 ++++---- 2019/10xxx/CVE-2019-10936.json | 4 +- 2019/10xxx/CVE-2019-10943.json | 34 ++++- 2019/13xxx/CVE-2019-13924.json | 2 +- 2019/13xxx/CVE-2019-13925.json | 2 +- 2019/13xxx/CVE-2019-13926.json | 2 +- 2019/13xxx/CVE-2019-13940.json | 4 +- 2019/13xxx/CVE-2019-13941.json | 2 +- 2019/13xxx/CVE-2019-13946.json | 12 +- 2019/18xxx/CVE-2019-18283.json | 4 +- 2019/18xxx/CVE-2019-18284.json | 4 +- 2019/18xxx/CVE-2019-18285.json | 4 +- 2019/18xxx/CVE-2019-18286.json | 4 +- 2019/18xxx/CVE-2019-18287.json | 4 +- 2019/18xxx/CVE-2019-18288.json | 4 +- 2019/18xxx/CVE-2019-18289.json | 2 +- 2019/18xxx/CVE-2019-18290.json | 2 +- 2019/18xxx/CVE-2019-18291.json | 2 +- 2019/18xxx/CVE-2019-18292.json | 2 +- 2019/18xxx/CVE-2019-18293.json | 2 +- 2019/18xxx/CVE-2019-18294.json | 2 +- 2019/18xxx/CVE-2019-18295.json | 2 +- 2019/18xxx/CVE-2019-18296.json | 2 +- 2019/18xxx/CVE-2019-18297.json | 2 +- 2019/18xxx/CVE-2019-18298.json | 2 +- 2019/18xxx/CVE-2019-18299.json | 2 +- 2019/18xxx/CVE-2019-18300.json | 2 +- 2019/18xxx/CVE-2019-18301.json | 2 +- 2019/18xxx/CVE-2019-18302.json | 2 +- 2019/18xxx/CVE-2019-18303.json | 2 +- 2019/18xxx/CVE-2019-18304.json | 2 +- 2019/18xxx/CVE-2019-18305.json | 2 +- 2019/18xxx/CVE-2019-18306.json | 2 +- 2019/18xxx/CVE-2019-18307.json | 2 +- 2019/18xxx/CVE-2019-18308.json | 2 +- 2019/18xxx/CVE-2019-18309.json | 2 +- 2019/18xxx/CVE-2019-18310.json | 2 +- 2019/18xxx/CVE-2019-18311.json | 2 +- 2019/18xxx/CVE-2019-18312.json | 2 +- 2019/18xxx/CVE-2019-18313.json | 2 +- 2019/18xxx/CVE-2019-18314.json | 4 +- 2019/18xxx/CVE-2019-18315.json | 4 +- 2019/18xxx/CVE-2019-18316.json | 4 +- 2019/18xxx/CVE-2019-18317.json | 4 +- 2019/18xxx/CVE-2019-18318.json | 4 +- 2019/18xxx/CVE-2019-18319.json | 4 +- 2019/18xxx/CVE-2019-18320.json | 4 +- 2019/18xxx/CVE-2019-18321.json | 2 +- 2019/18xxx/CVE-2019-18322.json | 2 +- 2019/18xxx/CVE-2019-18323.json | 2 +- 2019/18xxx/CVE-2019-18324.json | 2 +- 2019/18xxx/CVE-2019-18325.json | 2 +- 2019/18xxx/CVE-2019-18326.json | 2 +- 2019/18xxx/CVE-2019-18327.json | 2 +- 2019/18xxx/CVE-2019-18328.json | 2 +- 2019/18xxx/CVE-2019-18329.json | 2 +- 2019/18xxx/CVE-2019-18330.json | 2 +- 2019/18xxx/CVE-2019-18331.json | 4 +- 2019/18xxx/CVE-2019-18332.json | 4 +- 2019/18xxx/CVE-2019-18333.json | 4 +- 2019/18xxx/CVE-2019-18334.json | 4 +- 2019/18xxx/CVE-2019-18335.json | 4 +- 2019/18xxx/CVE-2019-18336.json | 71 ++++++++++ 2019/19xxx/CVE-2019-19277.json | 55 +++++++- 2019/19xxx/CVE-2019-19279.json | 55 +++++++- 2019/19xxx/CVE-2019-19281.json | 75 +++++++++- 2019/19xxx/CVE-2019-19282.json | 245 ++++++++++++++++++++++++++++++++- 2019/19xxx/CVE-2019-19290.json | 65 ++++++++- 2019/19xxx/CVE-2019-19291.json | 65 ++++++++- 2019/19xxx/CVE-2019-19292.json | 65 ++++++++- 2019/19xxx/CVE-2019-19293.json | 65 ++++++++- 2019/19xxx/CVE-2019-19294.json | 65 ++++++++- 2019/19xxx/CVE-2019-19295.json | 65 ++++++++- 2019/19xxx/CVE-2019-19296.json | 65 ++++++++- 2019/19xxx/CVE-2019-19297.json | 65 ++++++++- 2019/19xxx/CVE-2019-19298.json | 65 ++++++++- 2019/19xxx/CVE-2019-19299.json | 65 ++++++++- 2019/6xxx/CVE-2019-6568.json | 4 +- 2019/6xxx/CVE-2019-6575.json | 6 +- 2019/6xxx/CVE-2019-6585.json | 81 ++++++++++- 2020/7xxx/CVE-2020-7579.json | 55 +++++++- 85 files changed, 1511 insertions(+), 246 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18336.json diff --git a/2016/9xxx/CVE-2016-9158.json b/2016/9xxx/CVE-2016-9158.json index 90f6b2583c8..4ca4830d27e 100644 --- a/2016/9xxx/CVE-2016-9158.json +++ b/2016/9xxx/CVE-2016-9158.json @@ -4,46 +4,82 @@ "ID": "CVE-2016-9158", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family", + "product_name": "SIMATIC S7-300 CPU family", "version": { "version_data": [ { - "version_value": "SIMATIC S7-300 CPU family : All versions" - }, + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ { - "version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions" - }, + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ { - "version_value": "SIMATIC S7-400 V7 CPU family : All versions" + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 V6 and earlier CPU family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 V7 CPU family", + "version": { + "version_data": [ + { + "version_value": "All versions" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. This vulnerability affects all SIMATIC S7-300 PN CPUs, and all SIMATIC S7-400 PN V6 and V7 CPUs." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -56,6 +92,14 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system." + } + ] + }, "references": { "reference_data": [ { @@ -77,6 +121,10 @@ "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" } ] } diff --git a/2016/9xxx/CVE-2016-9159.json b/2016/9xxx/CVE-2016-9159.json index 12291909c06..a866897e8e3 100644 --- a/2016/9xxx/CVE-2016-9159.json +++ b/2016/9xxx/CVE-2016-9159.json @@ -4,46 +4,102 @@ "ID": "CVE-2016-9159", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family", + "product_name": "SIMATIC S7-300 CPU family", "version": { "version_data": [ { - "version_value": "SIMATIC S7-300 CPU family : All versions" - }, + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ { - "version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions" - }, + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ { - "version_value": "SIMATIC S7-400 V7 CPU family : All versions" + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 V6 and earlier CPU family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 V7 CPU family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-410 V8 CPU family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -56,6 +112,14 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices." + } + ] + }, "references": { "reference_data": [ { @@ -77,6 +141,10 @@ "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" + }, + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" } ] } diff --git a/2018/4xxx/CVE-2018-4832.json b/2018/4xxx/CVE-2018-4832.json index b7776b53a7f..abf8e69f110 100644 --- a/2018/4xxx/CVE-2018-4832.json +++ b/2018/4xxx/CVE-2018-4832.json @@ -279,7 +279,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -306,7 +306,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could\ncause a Denial-of-Service condition on the remote and local communication functionality of the\naffected products. A reboot of the system is required to recover the remote and local \ncommunication functionality.\n\nPlease note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 0377b5f0277..1a1943b6f5b 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -159,7 +159,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.X.17" } ] } @@ -386,7 +386,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a\nDenial-of-Service condition by breaking the real-time synchronization (IRT)\nof the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected installation. No user interaction is\nrequired to exploit this security vulnerability. The vulnerability impacts\nthe availability of the affected installations.\n" } ] }, diff --git a/2019/10xxx/CVE-2019-10929.json b/2019/10xxx/CVE-2019-10929.json index 4f7d7aa4a05..9c8c50406f2 100644 --- a/2019/10xxx/CVE-2019-10929.json +++ b/2019/10xxx/CVE-2019-10929.json @@ -24,6 +24,26 @@ ] } }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions <= 20.8" + } + ] + } + }, { "product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC", "version": { @@ -59,7 +79,7 @@ "version": { "version_data": [ { - "version_value": "All versions < V16" + "version_value": "All versions" } ] } @@ -84,6 +104,16 @@ ] } }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant)", + "version": { + "version_data": [ + { + "version_value": "All versions <= V2.8.1" + } + ] + } + }, { "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant)", "version": { @@ -99,7 +129,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions <= V20.8" } ] } @@ -134,16 +164,6 @@ ] } }, - { - "product_name": "SIMATIC WinCC OA", - "version": { - "version_data": [ - { - "version_value": "All versions <= 3.16 patch version 12" - } - ] - } - }, { "product_name": "SIMATIC WinCC Runtime Advanced", "version": { @@ -164,16 +184,6 @@ ] } }, - { - "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", - "version": { - "version_data": [ - { - "version_value": "All versions < V2.1" - } - ] - } - }, { "product_name": "TIM 1531 IRC (incl. SIPLUS variant)", "version": { @@ -206,7 +216,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions < V16), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication." + "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network\ntraffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC\nS7-1500 and SIMATIC SoftwareController CPU families, due to certain\nproperties in the calculation used for integrity protection. \n\nIn order to exploit the vulnerability, an attacker must be able to perform a\nMan-in-the-Middle attack. The vulnerability could impact the integrity of the\ncommunication. \n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n" } ] }, diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index 4e47edac6a7..662b7501851 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -339,7 +339,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.X.17" } ] } @@ -576,7 +576,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200AL (incl. SIPLUS variants), SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0), SIMATIC ET200pro, SIMATIC ET200pro (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200AL (incl. SIPLUS variants), SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0), SIMATIC ET200pro, SIMATIC ET200pro (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered \nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, diff --git a/2019/10xxx/CVE-2019-10943.json b/2019/10xxx/CVE-2019-10943.json index 890883ba399..3dab1244d58 100644 --- a/2019/10xxx/CVE-2019-10943.json +++ b/2019/10xxx/CVE-2019-10943.json @@ -14,6 +14,26 @@ "vendor_name": "Siemens AG", "product": { "product_data": [ + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions <= 20.8" + } + ] + } + }, { "product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC", "version": { @@ -54,6 +74,16 @@ ] } }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant)", + "version": { + "version_data": [ + { + "version_value": "All versions <= V2.8.1" + } + ] + } + }, { "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant)", "version": { @@ -69,7 +99,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions <= V20.8" } ] } @@ -96,7 +126,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication." + "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the\nuser program on the PLC in a way that the running code is different from the\nsource code which is stored on the device.\n\nAn attacker must have network access to affected devices and must be able to\nperform changes to the user program. The vulnerability could impact the\nperceived integrity of the user program stored on the CPU. An engineer that\ntries to obtain the code of the user program running on the device, can\nreceive different source code that is not actually running on the device.\n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n" } ] }, diff --git a/2019/13xxx/CVE-2019-13924.json b/2019/13xxx/CVE-2019-13924.json index 491f2d7b930..28231a798e1 100644 --- a/2019/13xxx/CVE-2019-13924.json +++ b/2019/13xxx/CVE-2019-13924.json @@ -66,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/13xxx/CVE-2019-13925.json b/2019/13xxx/CVE-2019-13925.json index 0e4db3fdb96..af451eb282d 100644 --- a/2019/13xxx/CVE-2019-13925.json +++ b/2019/13xxx/CVE-2019-13925.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server." + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could \ncause a Denial-of-Service condition of the web server. \n" } ] }, diff --git a/2019/13xxx/CVE-2019-13926.json b/2019/13xxx/CVE-2019-13926.json index d3bffdc1ccf..552545495d4 100644 --- a/2019/13xxx/CVE-2019-13926.json +++ b/2019/13xxx/CVE-2019-13926.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device." + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could \ncause a Denial-of-Service condition of the web server. A cold reboot is \nrequired to restore the functionality of the device.\n" } ] }, diff --git a/2019/13xxx/CVE-2019-13940.json b/2019/13xxx/CVE-2019-13940.json index ec81cb221ec..8991c796eb9 100644 --- a/2019/13xxx/CVE-2019-13940.json +++ b/2019/13xxx/CVE-2019-13940.json @@ -29,7 +29,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V3.X.17" } ] } @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u2019s web server. Beyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition." + "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\n\nThe security vulnerability could be exploited by an attacker with network access to an affected device.\nSuccessful exploitation requires no system privileges and no user interaction. An attacker could use\nthe vulnerability to compromise the availability of the device\u2019s web server.\nBeyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition.\n" } ] }, diff --git a/2019/13xxx/CVE-2019-13941.json b/2019/13xxx/CVE-2019-13941.json index 1bb4e87d928..f9a43c1834b 100644 --- a/2019/13xxx/CVE-2019-13941.json +++ b/2019/13xxx/CVE-2019-13941.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system." + "value": "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for\nproject files that legitimately authenticated users have created by\nusing the application's export function.\nBy accessing a specific uniform resource locator on the web server,\na remote attacker could be able to download a project file without prior\nauthentication.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected system.\nNo user interaction is required to exploit this security vulnerability.\nSuccessful exploitation of the security vulnerability compromises the\nconfidentiality of the targeted system.\n" } ] }, diff --git a/2019/13xxx/CVE-2019-13946.json b/2019/13xxx/CVE-2019-13946.json index bbe2d5c81fe..513618b593b 100644 --- a/2019/13xxx/CVE-2019-13946.json +++ b/2019/13xxx/CVE-2019-13946.json @@ -413,6 +413,16 @@ } ] } + }, + { + "product_name": "SOFTNET-IE PNIO", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } } ] } @@ -436,7 +446,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device.\n" } ] }, diff --git a/2019/18xxx/CVE-2019-18283.json b/2019/18xxx/CVE-2019-18283.json index ff51dcc329b..7ed0bdfa672 100644 --- a/2019/18xxx/CVE-2019-18283.json +++ b/2019/18xxx/CVE-2019-18283.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An\nattacker can gain remote code execution by sending specifically crafted\nobjects to one of its functions.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18284.json b/2019/18xxx/CVE-2019-18284.json index c1be53868c1..af43fd1f0ca 100644 --- a/2019/18xxx/CVE-2019-18284.json +++ b/2019/18xxx/CVE-2019-18284.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An\nattacker can use methods exposed via this interface to receive password hashes\nof other users and to change user passwords.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18285.json b/2019/18xxx/CVE-2019-18285.json index d5facae6fe1..014453ceca5 100644 --- a/2019/18xxx/CVE-2019-18285.json +++ b/2019/18xxx/CVE-2019-18285.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is\nunencrypted. An attacker with access to the communication channel can\nread credentials of a valid user.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18286.json b/2019/18xxx/CVE-2019-18286.json index ee7df4febca..147186aebca 100644 --- a/2019/18xxx/CVE-2019-18286.json +++ b/2019/18xxx/CVE-2019-18286.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18287.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18287.json b/2019/18xxx/CVE-2019-18287.json index 334f8930521..d19fe6a5fa4 100644 --- a/2019/18xxx/CVE-2019-18287.json +++ b/2019/18xxx/CVE-2019-18287.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18286.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18288.json b/2019/18xxx/CVE-2019-18288.json index 9cf10ef349c..b3dca80a651 100644 --- a/2019/18xxx/CVE-2019-18288.json +++ b/2019/18xxx/CVE-2019-18288.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to\ngain remote code execution through an unsecured file upload.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18289.json b/2019/18xxx/CVE-2019-18289.json index 7987761f9ee..3fe19bea497 100644 --- a/2019/18xxx/CVE-2019-18289.json +++ b/2019/18xxx/CVE-2019-18289.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18290.json b/2019/18xxx/CVE-2019-18290.json index cdc93cd687b..799022c388d 100644 --- a/2019/18xxx/CVE-2019-18290.json +++ b/2019/18xxx/CVE-2019-18290.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18291.json b/2019/18xxx/CVE-2019-18291.json index 23ceed86152..d70190eaf5f 100644 --- a/2019/18xxx/CVE-2019-18291.json +++ b/2019/18xxx/CVE-2019-18291.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18292.json b/2019/18xxx/CVE-2019-18292.json index 6e0b275790b..00eac159f48 100644 --- a/2019/18xxx/CVE-2019-18292.json +++ b/2019/18xxx/CVE-2019-18292.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18293.json b/2019/18xxx/CVE-2019-18293.json index 8e50810867b..3764c9e1803 100644 --- a/2019/18xxx/CVE-2019-18293.json +++ b/2019/18xxx/CVE-2019-18293.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18294.json b/2019/18xxx/CVE-2019-18294.json index 9601dee50c4..1058fd3076e 100644 --- a/2019/18xxx/CVE-2019-18294.json +++ b/2019/18xxx/CVE-2019-18294.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18295.json b/2019/18xxx/CVE-2019-18295.json index e302232459a..a89adca7a6d 100644 --- a/2019/18xxx/CVE-2019-18295.json +++ b/2019/18xxx/CVE-2019-18295.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18296.json b/2019/18xxx/CVE-2019-18296.json index 7d123c58336..821546c2473 100644 --- a/2019/18xxx/CVE-2019-18296.json +++ b/2019/18xxx/CVE-2019-18296.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18297.json b/2019/18xxx/CVE-2019-18297.json index a6d4e7fe662..9567b1d6e4a 100644 --- a/2019/18xxx/CVE-2019-18297.json +++ b/2019/18xxx/CVE-2019-18297.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain\nroot privileges\nby sending specifically crafted packets to a named pipe.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18298.json b/2019/18xxx/CVE-2019-18298.json index c82777ccc48..975ad1f980f 100644 --- a/2019/18xxx/CVE-2019-18298.json +++ b/2019/18xxx/CVE-2019-18298.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18299.json b/2019/18xxx/CVE-2019-18299.json index 4cdf1288c0a..9be1e4b5e4b 100644 --- a/2019/18xxx/CVE-2019-18299.json +++ b/2019/18xxx/CVE-2019-18299.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18300.json b/2019/18xxx/CVE-2019-18300.json index 19f0c5da93b..5758f4ca060 100644 --- a/2019/18xxx/CVE-2019-18300.json +++ b/2019/18xxx/CVE-2019-18300.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18301.json b/2019/18xxx/CVE-2019-18301.json index d9ebcca1176..db779bb3613 100644 --- a/2019/18xxx/CVE-2019-18301.json +++ b/2019/18xxx/CVE-2019-18301.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18302.json b/2019/18xxx/CVE-2019-18302.json index 6ed14eb95e3..502933df977 100644 --- a/2019/18xxx/CVE-2019-18302.json +++ b/2019/18xxx/CVE-2019-18302.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18303.json b/2019/18xxx/CVE-2019-18303.json index fec587ad7ef..b5ae68b29d4 100644 --- a/2019/18xxx/CVE-2019-18303.json +++ b/2019/18xxx/CVE-2019-18303.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18304.json b/2019/18xxx/CVE-2019-18304.json index 8fa985c40fa..e073c76d1ba 100644 --- a/2019/18xxx/CVE-2019-18304.json +++ b/2019/18xxx/CVE-2019-18304.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18305.json b/2019/18xxx/CVE-2019-18305.json index e57e64ce333..175eddebb2b 100644 --- a/2019/18xxx/CVE-2019-18305.json +++ b/2019/18xxx/CVE-2019-18305.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18306.json b/2019/18xxx/CVE-2019-18306.json index bd59eeabbce..ae2089d24c8 100644 --- a/2019/18xxx/CVE-2019-18306.json +++ b/2019/18xxx/CVE-2019-18306.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18307.json b/2019/18xxx/CVE-2019-18307.json index 5a8fbd72b61..5acd2911cdf 100644 --- a/2019/18xxx/CVE-2019-18307.json +++ b/2019/18xxx/CVE-2019-18307.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18306.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18308.json b/2019/18xxx/CVE-2019-18308.json index 5bf75ec63c6..9523f6813c7 100644 --- a/2019/18xxx/CVE-2019-18308.json +++ b/2019/18xxx/CVE-2019-18308.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18309.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18309.json b/2019/18xxx/CVE-2019-18309.json index 10e426827c9..41a9cd320b7 100644 --- a/2019/18xxx/CVE-2019-18309.json +++ b/2019/18xxx/CVE-2019-18309.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18308.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18310.json b/2019/18xxx/CVE-2019-18310.json index 68a61e8c255..a907840a052 100644 --- a/2019/18xxx/CVE-2019-18310.json +++ b/2019/18xxx/CVE-2019-18310.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18311.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18311.json b/2019/18xxx/CVE-2019-18311.json index 1afef14a7bc..4e2adf2a1f9 100644 --- a/2019/18xxx/CVE-2019-18311.json +++ b/2019/18xxx/CVE-2019-18311.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18310.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18312.json b/2019/18xxx/CVE-2019-18312.json index def22cf71c7..c35be71ca64 100644 --- a/2019/18xxx/CVE-2019-18312.json +++ b/2019/18xxx/CVE-2019-18312.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running\nRPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18313.json b/2019/18xxx/CVE-2019-18313.json index 193178fb93f..8ef507ddd10 100644 --- a/2019/18xxx/CVE-2019-18313.json +++ b/2019/18xxx/CVE-2019-18313.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code\nexecution\nby sending specifically crafted objects to one of the RPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18314.json b/2019/18xxx/CVE-2019-18314.json index 9325224d039..a844a970374 100644 --- a/2019/18xxx/CVE-2019-18314.json +++ b/2019/18xxx/CVE-2019-18314.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted objects via RMI.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18315.json b/2019/18xxx/CVE-2019-18315.json index ed01721159a..5f95e82af27 100644 --- a/2019/18xxx/CVE-2019-18315.json +++ b/2019/18xxx/CVE-2019-18315.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 8888/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18316.json b/2019/18xxx/CVE-2019-18316.json index d137b0deea8..1905b67a108 100644 --- a/2019/18xxx/CVE-2019-18316.json +++ b/2019/18xxx/CVE-2019-18316.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18317.json b/2019/18xxx/CVE-2019-18317.json index cb95481cd56..2e345cc9673 100644 --- a/2019/18xxx/CVE-2019-18317.json +++ b/2019/18xxx/CVE-2019-18317.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18318 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18318.json b/2019/18xxx/CVE-2019-18318.json index 2c103dafff2..803e86d0c86 100644 --- a/2019/18xxx/CVE-2019-18318.json +++ b/2019/18xxx/CVE-2019-18318.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18319.json b/2019/18xxx/CVE-2019-18319.json index 4dbe6093db5..8b3d19d114c 100644 --- a/2019/18xxx/CVE-2019-18319.json +++ b/2019/18xxx/CVE-2019-18319.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18318.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18320.json b/2019/18xxx/CVE-2019-18320.json index f8916ac0e23..46eb0e1c1e5 100644 --- a/2019/18xxx/CVE-2019-18320.json +++ b/2019/18xxx/CVE-2019-18320.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload\narbitrary files without authentication.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18321.json b/2019/18xxx/CVE-2019-18321.json index 879fde040e5..d075abe4392 100644 --- a/2019/18xxx/CVE-2019-18321.json +++ b/2019/18xxx/CVE-2019-18321.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18322.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18322.json b/2019/18xxx/CVE-2019-18322.json index 162e112254c..ab7f95b9b2f 100644 --- a/2019/18xxx/CVE-2019-18322.json +++ b/2019/18xxx/CVE-2019-18322.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18321.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18323.json b/2019/18xxx/CVE-2019-18323.json index 67a7027584c..b70fec69f16 100644 --- a/2019/18xxx/CVE-2019-18323.json +++ b/2019/18xxx/CVE-2019-18323.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18324.json b/2019/18xxx/CVE-2019-18324.json index 2955e45ca4b..bcf2c28d3a1 100644 --- a/2019/18xxx/CVE-2019-18324.json +++ b/2019/18xxx/CVE-2019-18324.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18325.json b/2019/18xxx/CVE-2019-18325.json index 6f99820d8ef..088c6009fae 100644 --- a/2019/18xxx/CVE-2019-18325.json +++ b/2019/18xxx/CVE-2019-18325.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18326.json b/2019/18xxx/CVE-2019-18326.json index 59c9d245fde..dcb44bf2794 100644 --- a/2019/18xxx/CVE-2019-18326.json +++ b/2019/18xxx/CVE-2019-18326.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18327.json b/2019/18xxx/CVE-2019-18327.json index 7eb61dced31..7560a7d60a5 100644 --- a/2019/18xxx/CVE-2019-18327.json +++ b/2019/18xxx/CVE-2019-18327.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18328.json b/2019/18xxx/CVE-2019-18328.json index bc8ebcf7e42..c82ace5a53a 100644 --- a/2019/18xxx/CVE-2019-18328.json +++ b/2019/18xxx/CVE-2019-18328.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18329.json b/2019/18xxx/CVE-2019-18329.json index 310d78c8580..60cf9ae6241 100644 --- a/2019/18xxx/CVE-2019-18329.json +++ b/2019/18xxx/CVE-2019-18329.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18330.json b/2019/18xxx/CVE-2019-18330.json index e9a71b13be7..f50165d4465 100644 --- a/2019/18xxx/CVE-2019-18330.json +++ b/2019/18xxx/CVE-2019-18330.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18331.json b/2019/18xxx/CVE-2019-18331.json index 5340eb4f189..24fb5ff05c6 100644 --- a/2019/18xxx/CVE-2019-18331.json +++ b/2019/18xxx/CVE-2019-18331.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto path and filenames on the server\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18332.json b/2019/18xxx/CVE-2019-18332.json index 8e409f6091e..4d51bb6a516 100644 --- a/2019/18xxx/CVE-2019-18332.json +++ b/2019/18xxx/CVE-2019-18332.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto directory listings of the server\nby sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18333.json b/2019/18xxx/CVE-2019-18333.json index 1a6ba44b2c1..34f605771c2 100644 --- a/2019/18xxx/CVE-2019-18333.json +++ b/2019/18xxx/CVE-2019-18333.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto filenames on the server\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18334.json b/2019/18xxx/CVE-2019-18334.json index 34a5d7b1cdb..842ad55e3cb 100644 --- a/2019/18xxx/CVE-2019-18334.json +++ b/2019/18xxx/CVE-2019-18334.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18335.json b/2019/18xxx/CVE-2019-18335.json index 3d3150a677a..81814ea7c6c 100644 --- a/2019/18xxx/CVE-2019-18335.json +++ b/2019/18xxx/CVE-2019-18335.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < Service Pack R8.2 SP2" } ] } @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access\nto logs and configuration files\nby sending specifically crafted packets to 80/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" } ] }, diff --git a/2019/18xxx/CVE-2019-18336.json b/2019/18xxx/CVE-2019-18336.json new file mode 100644 index 00000000000..d35cdc3ac5d --- /dev/null +++ b/2019/18xxx/CVE-2019-18336.json @@ -0,0 +1,71 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-18336", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.X.17" + } + ] + } + }, + { + "product_name": "SINUMERIK 840D sl", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SINUMERIK 840D sl (All versions). Specially crafted packets sent to port 102/tcp (Profinet) could cause \nthe affected device to go into defect mode. A restart is required in\norder to recover the system.\n\nSuccessful exploitation requires an attacker to have network access to\nport 102/tcp, with no authentication. No user interation is required.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19277.json b/2019/19xxx/CVE-2019-19277.json index e83bcce7252..509294d3b61 100644 --- a/2019/19xxx/CVE-2019-19277.json +++ b/2019/19xxx/CVE-2019-19277.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19277", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SIPORT MP", + "version": { + "version_data": [ + { + "version_value": "All versions < 3.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-778: Insufficient Logging" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts\n(\"service users\") with administrative privileges that could enable a remote \nauthenticated attacker to perform actions that are not visible to other users\nof the system, such as granting persons access to a secured area.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19279.json b/2019/19xxx/CVE-2019-19279.json index f53bfa3a156..6dc5c3723db 100644 --- a/2019/19xxx/CVE-2019-19279.json +++ b/2019/19xxx/CVE-2019-19279.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19279", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device.\nAt the time of advisory publication no public exploitation of this security vulnerability was known to Siemens." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19281.json b/2019/19xxx/CVE-2019-19281.json index 43e4ce6c522..351fa99e390 100644 --- a/2019/19xxx/CVE-2019-19281.json +++ b/2019/19xxx/CVE-2019-19281.json @@ -1,17 +1,80 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19281", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19281", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.5 and < V20.8" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.5 and < V2.8" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.5 and < V20.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a Denial-of-Service condition. The vulnerability can be triggered \nif specially crafted UDP packets are sent to the device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the device availability.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19282.json b/2019/19xxx/CVE-2019-19282.json index 106ec657428..1e32bd4646b 100644 --- a/2019/19xxx/CVE-2019-19282.json +++ b/2019/19xxx/CVE-2019-19282.json @@ -1,17 +1,250 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19282", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "OpenPCS 7 V8.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "OpenPCS 7 V8.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "OpenPCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC BATCH V8.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC BATCH V8.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC BATCH V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC NET PC Software", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 update 1" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V8.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V8.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC Route Control V8.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC Route Control V8.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC Route Control V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC (TIA Portal) V13", + "version": { + "version_data": [ + { + "version_value": "All versions < V13 SP2" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC (TIA Portal) V14.0.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC (TIA Portal) V15.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC (TIA Portal) V16", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.3", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5.1 Upd1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-131: Incorrect Calculation of Buffer Size" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19290.json b/2019/19xxx/CVE-2019-19290.json index d84bdcf13cc..c381022286c 100644 --- a/2019/19xxx/CVE-2019-19290.json +++ b/2019/19xxx/CVE-2019-19290.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19290", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19290", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control\nServer (CCS) contains a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server where CCS is installed.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19291.json b/2019/19xxx/CVE-2019-19291.json index ea5cd2f45ca..eaedd89d4c7 100644 --- a/2019/19xxx/CVE-2019-19291.json +++ b/2019/19xxx/CVE-2019-19291.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19291", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-313: Cleartext Storage in a File or on Disk" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a\nlog file that stores login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19292.json b/2019/19xxx/CVE-2019-19292.json index f2bfe8506bd..a72eb4dac2b 100644 --- a/2019/19xxx/CVE-2019-19292.json +++ b/2019/19xxx/CVE-2019-19292.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19292", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nread or modify the CCS database and potentially execute administrative\ndatabase operations or operating system commands.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19293.json b/2019/19xxx/CVE-2019-19293.json index dbfdd648246..35222246dcb 100644 --- a/2019/19xxx/CVE-2019-19293.json +++ b/2019/19xxx/CVE-2019-19293.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19293", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19293", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19294.json b/2019/19xxx/CVE-2019-19294.json index 24e53596304..5ca6aaf4a03 100644 --- a/2019/19xxx/CVE-2019-19294.json +++ b/2019/19xxx/CVE-2019-19294.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19294", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19294", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19295.json b/2019/19xxx/CVE-2019-19295.json index 4e19823a4c6..1accad48fea 100644 --- a/2019/19xxx/CVE-2019-19295.json +++ b/2019/19xxx/CVE-2019-19295.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19295", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19295", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-778: Insufficient Logging" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of\nsecurity-relevant activities in its XML-based communication protocol\nas provided by default on ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nperform covert actions that are not visible in the application log.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19296.json b/2019/19xxx/CVE-2019-19296.json index b27eab195b7..e5dcf2c6fac 100644 --- a/2019/19xxx/CVE-2019-19296.json +++ b/2019/19xxx/CVE-2019-19296.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19296", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19296", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server, if the FTP services are enabled.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19297.json b/2019/19xxx/CVE-2019-19297.json index a93d4724d68..f7f799dde40 100644 --- a/2019/19xxx/CVE-2019-19297.json +++ b/2019/19xxx/CVE-2019-19297.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19297", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19297", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19298.json b/2019/19xxx/CVE-2019-19298.json index 9c8582a9112..3f74be02d5c 100644 --- a/2019/19xxx/CVE-2019-19298.json +++ b/2019/19xxx/CVE-2019-19298.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19298", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requeats.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19299.json b/2019/19xxx/CVE-2019-19299.json index fb7d28f5ca9..5dffc9bc123 100644 --- a/2019/19xxx/CVE-2019-19299.json +++ b/2019/19xxx/CVE-2019-19299.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19299", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19299", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SiNVR 3 Central Control Server (CCS)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + }, + { + "product_name": "SiNVR 3 Video Server", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-261: Weak Cryptography for Passwords" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index dfaca82dd1c..65664c6a1d3 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json @@ -219,7 +219,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.1.3" } ] } @@ -866,7 +866,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 (incl. SIPLUS NET variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 (incl. SIPLUS NET variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, diff --git a/2019/6xxx/CVE-2019-6575.json b/2019/6xxx/CVE-2019-6575.json index a8f0ced3c30..c3ab53d027d 100644 --- a/2019/6xxx/CVE-2019-6575.json +++ b/2019/6xxx/CVE-2019-6575.json @@ -99,7 +99,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V5.1.3" } ] } @@ -179,7 +179,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.0 SP1" } ] } @@ -236,7 +236,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a Denial-of-Service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" } ] }, diff --git a/2019/6xxx/CVE-2019-6585.json b/2019/6xxx/CVE-2019-6585.json index 7b558fcc299..f30a4e3190f 100644 --- a/2019/6xxx/CVE-2019-6585.json +++ b/2019/6xxx/CVE-2019-6585.json @@ -1,17 +1,90 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6585", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SCALANCE S602", + "version": { + "version_data": [ + { + "version_value": "All versions >= V3.0" + } + ] + } + }, + { + "product_name": "SCALANCE S612", + "version": { + "version_data": [ + { + "version_value": "All versions >= V3.0" + } + ] + } + }, + { + "product_name": "SCALANCE S623", + "version": { + "version_data": [ + { + "version_value": "All versions >= V3.0" + } + ] + } + }, + { + "product_name": "SCALANCE S627-2M", + "version": { + "version_data": [ + { + "version_value": "All versions >= V3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must \nbe logged into the web interface in order for the exploitation to succeed.\nAt the stage of publishing this security advisory no public exploitation is known.\nThe vendor has confirmed the vulnerability and provides mitigations to resolve it.\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" } ] } diff --git a/2020/7xxx/CVE-2020-7579.json b/2020/7xxx/CVE-2020-7579.json index c4da3bf00ba..67acf3946f9 100644 --- a/2020/7xxx/CVE-2020-7579.json +++ b/2020/7xxx/CVE-2020-7579.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2020-7579", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-7579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "Spectrum Power\u2122 5", + "version": { + "version_data": [ + { + "version_value": "All versions < v5.50 HF02" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Spectrum Power\u2122 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting\n(XSS) attacks if unsuspecting users are tricked into accessing a malicious link.\n\nUser interaction is required for a successful exploitation. \n\nIf deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).\n" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf" } ] } From 3d6afc4a2971e9b2b4f1b3e294db02c7ab6fdd65 Mon Sep 17 00:00:00 2001 From: Scott Moore - IBM Date: Tue, 10 Mar 2020 07:50:06 -0400 Subject: [PATCH 007/144] IBM20200310-7506 Added CVE-2020-4162, CVE-2019-4608 --- 2019/4xxx/CVE-2019-4608.json | 102 +++++++++++++++++++++++++++++----- 2020/4xxx/CVE-2020-4162.json | 105 ++++++++++++++++++++++++++++++----- 2 files changed, 177 insertions(+), 30 deletions(-) diff --git a/2019/4xxx/CVE-2019-4608.json b/2019/4xxx/CVE-2019-4608.json index 581a6be69da..fd03668eec4 100644 --- a/2019/4xxx/CVE-2019-4608.json +++ b/2019/4xxx/CVE-2019-4608.json @@ -1,18 +1,90 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4608", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ID" : "CVE-2019-4608", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2020-03-09T00:00:00" + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508.", + "lang" : "eng" + } + ] + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 5694189 (Workload Scheduler)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/5694189", + "url" : "https://www.ibm.com/support/pages/node/5694189" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168508", + "name" : "ibm-tivoli-cve20194608-xss (168508)", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Workload Scheduler", + "version" : { + "version_data" : [ + { + "version_value" : "9.3" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "UI" : "R", + "I" : "L", + "AC" : "L", + "AV" : "N", + "PR" : "L", + "SCORE" : "5.400", + "A" : "N", + "S" : "C" + }, + "TM" : { + "RL" : "O", + "E" : "H", + "RC" : "C" + } + } + } +} diff --git a/2020/4xxx/CVE-2020-4162.json b/2020/4xxx/CVE-2020-4162.json index 7163929a003..fe069ec95ff 100644 --- a/2020/4xxx/CVE-2020-4162.json +++ b/2020/4xxx/CVE-2020-4162.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ID" : "CVE-2020-4162", + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2020-03-09T00:00:00", + "STATE" : "PUBLIC" + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 5690451 (InfoSphere Information Server)", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/5690451", + "url" : "https://www.ibm.com/support/pages/node/5690451" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-infosphere-cve20204162-xss (174342)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174342" + } + ] + }, + "data_format" : "MITRE", + "description" : { + "description_data" : [ + { + "value" : "IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "BM" : { + "C" : "L", + "I" : "L", + "UI" : "R", + "S" : "C", + "SCORE" : "5.400", + "A" : "N", + "PR" : "L", + "AC" : "L", + "AV" : "N" + }, + "TM" : { + "E" : "H", + "RC" : "C", + "RL" : "O" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "InfoSphere Information Server", + "version" : { + "version_data" : [ + { + "version_value" : "11.5" + }, + { + "version_value" : "11.7" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} From ed1f261702acd021401cbf115d3e200733f1e537 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 12:01:30 +0000 Subject: [PATCH 008/144] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16869.json | 5 + 2019/20xxx/CVE-2019-20444.json | 5 + 2019/4xxx/CVE-2019-4608.json | 174 +++++++++++++++---------------- 2020/4xxx/CVE-2020-4162.json | 180 ++++++++++++++++----------------- 4 files changed, 187 insertions(+), 177 deletions(-) diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json index 1d0cafd9aa0..9167ee53427 100644 --- a/2019/16xxx/CVE-2019-16869.json +++ b/2019/16xxx/CVE-2019-16869.json @@ -361,6 +361,11 @@ "refsource": "MLIST", "name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869", "url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", + "url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E" } ] } diff --git a/2019/20xxx/CVE-2019-20444.json b/2019/20xxx/CVE-2019-20444.json index 59a017b4ce6..b3836ee78a8 100644 --- a/2019/20xxx/CVE-2019-20444.json +++ b/2019/20xxx/CVE-2019-20444.json @@ -266,6 +266,11 @@ "refsource": "MLIST", "name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869", "url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", + "url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E" } ] } diff --git a/2019/4xxx/CVE-2019-4608.json b/2019/4xxx/CVE-2019-4608.json index fd03668eec4..12b473ba05f 100644 --- a/2019/4xxx/CVE-2019-4608.json +++ b/2019/4xxx/CVE-2019-4608.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4608", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-09T00:00:00" - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 5694189 (Workload Scheduler)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/5694189", - "url" : "https://www.ibm.com/support/pages/node/5694189" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/168508", - "name" : "ibm-tivoli-cve20194608-xss (168508)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Workload Scheduler", - "version" : { - "version_data" : [ - { - "version_value" : "9.3" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "UI" : "R", - "I" : "L", - "AC" : "L", - "AV" : "N", - "PR" : "L", - "SCORE" : "5.400", - "A" : "N", - "S" : "C" - }, - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - } - } - } -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-4608", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-09T00:00:00" + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 5694189 (Workload Scheduler)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/5694189", + "url": "https://www.ibm.com/support/pages/node/5694189" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/168508", + "name": "ibm-tivoli-cve20194608-xss (168508)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Workload Scheduler", + "version": { + "version_data": [ + { + "version_value": "9.3" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "UI": "R", + "I": "L", + "AC": "L", + "AV": "N", + "PR": "L", + "SCORE": "5.400", + "A": "N", + "S": "C" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4162.json b/2020/4xxx/CVE-2020-4162.json index fe069ec95ff..accd1bd908c 100644 --- a/2020/4xxx/CVE-2020-4162.json +++ b/2020/4xxx/CVE-2020-4162.json @@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4162", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-03-09T00:00:00", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 5690451 (InfoSphere Information Server)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/5690451", - "url" : "https://www.ibm.com/support/pages/node/5690451" - }, - { - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "name" : "ibm-infosphere-cve20204162-xss (174342)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174342" - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "L", - "I" : "L", - "UI" : "R", - "S" : "C", - "SCORE" : "5.400", - "A" : "N", - "PR" : "L", - "AC" : "L", - "AV" : "N" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "11.5" - }, - { - "version_value" : "11.7" - } - ] - } - } - ] - } + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] } - ] - } - } -} + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4162", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-03-09T00:00:00", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 5690451 (InfoSphere Information Server)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/5690451", + "url": "https://www.ibm.com/support/pages/node/5690451" + }, + { + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "name": "ibm-infosphere-cve20204162-xss (174342)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174342" + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "C": "L", + "I": "L", + "UI": "R", + "S": "C", + "SCORE": "5.400", + "A": "N", + "PR": "L", + "AC": "L", + "AV": "N" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.5" + }, + { + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file From dbc8ea3f78fa155ba9020b2497d4be42292a0aa5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 13:01:12 +0000 Subject: [PATCH 009/144] "-Synchronized-Data." --- 2019/9xxx/CVE-2019-9859.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10264.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10265.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10266.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10267.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10268.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10269.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10270.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10271.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10272.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10273.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10274.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10275.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10276.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10277.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10278.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10279.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10280.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10281.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10282.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10283.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10284.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10285.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10286.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10287.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10288.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10289.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10290.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10291.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10292.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10293.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10294.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10295.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10296.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10297.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10298.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10299.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10300.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10301.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10302.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10303.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10304.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10305.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10306.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10307.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10308.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10309.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10310.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10311.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10312.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10313.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10314.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10315.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10316.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10317.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10318.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10319.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10320.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10321.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10322.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10323.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10324.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10325.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10326.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10327.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10328.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10329.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10330.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10331.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10332.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10333.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10334.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10335.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10336.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10337.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10338.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10339.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10340.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10341.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10342.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10343.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10344.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10345.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10346.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10347.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10348.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10349.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10350.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10351.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10352.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10353.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10354.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10355.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10356.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10357.json | 18 +++++++++++ 2020/10xxx/CVE-2020-10358.json | 18 +++++++++++ 96 files changed, 1760 insertions(+), 6 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10264.json create mode 100644 2020/10xxx/CVE-2020-10265.json create mode 100644 2020/10xxx/CVE-2020-10266.json create mode 100644 2020/10xxx/CVE-2020-10267.json create mode 100644 2020/10xxx/CVE-2020-10268.json create mode 100644 2020/10xxx/CVE-2020-10269.json create mode 100644 2020/10xxx/CVE-2020-10270.json create mode 100644 2020/10xxx/CVE-2020-10271.json create mode 100644 2020/10xxx/CVE-2020-10272.json create mode 100644 2020/10xxx/CVE-2020-10273.json create mode 100644 2020/10xxx/CVE-2020-10274.json create mode 100644 2020/10xxx/CVE-2020-10275.json create mode 100644 2020/10xxx/CVE-2020-10276.json create mode 100644 2020/10xxx/CVE-2020-10277.json create mode 100644 2020/10xxx/CVE-2020-10278.json create mode 100644 2020/10xxx/CVE-2020-10279.json create mode 100644 2020/10xxx/CVE-2020-10280.json create mode 100644 2020/10xxx/CVE-2020-10281.json create mode 100644 2020/10xxx/CVE-2020-10282.json create mode 100644 2020/10xxx/CVE-2020-10283.json create mode 100644 2020/10xxx/CVE-2020-10284.json create mode 100644 2020/10xxx/CVE-2020-10285.json create mode 100644 2020/10xxx/CVE-2020-10286.json create mode 100644 2020/10xxx/CVE-2020-10287.json create mode 100644 2020/10xxx/CVE-2020-10288.json create mode 100644 2020/10xxx/CVE-2020-10289.json create mode 100644 2020/10xxx/CVE-2020-10290.json create mode 100644 2020/10xxx/CVE-2020-10291.json create mode 100644 2020/10xxx/CVE-2020-10292.json create mode 100644 2020/10xxx/CVE-2020-10293.json create mode 100644 2020/10xxx/CVE-2020-10294.json create mode 100644 2020/10xxx/CVE-2020-10295.json create mode 100644 2020/10xxx/CVE-2020-10296.json create mode 100644 2020/10xxx/CVE-2020-10297.json create mode 100644 2020/10xxx/CVE-2020-10298.json create mode 100644 2020/10xxx/CVE-2020-10299.json create mode 100644 2020/10xxx/CVE-2020-10300.json create mode 100644 2020/10xxx/CVE-2020-10301.json create mode 100644 2020/10xxx/CVE-2020-10302.json create mode 100644 2020/10xxx/CVE-2020-10303.json create mode 100644 2020/10xxx/CVE-2020-10304.json create mode 100644 2020/10xxx/CVE-2020-10305.json create mode 100644 2020/10xxx/CVE-2020-10306.json create mode 100644 2020/10xxx/CVE-2020-10307.json create mode 100644 2020/10xxx/CVE-2020-10308.json create mode 100644 2020/10xxx/CVE-2020-10309.json create mode 100644 2020/10xxx/CVE-2020-10310.json create mode 100644 2020/10xxx/CVE-2020-10311.json create mode 100644 2020/10xxx/CVE-2020-10312.json create mode 100644 2020/10xxx/CVE-2020-10313.json create mode 100644 2020/10xxx/CVE-2020-10314.json create mode 100644 2020/10xxx/CVE-2020-10315.json create mode 100644 2020/10xxx/CVE-2020-10316.json create mode 100644 2020/10xxx/CVE-2020-10317.json create mode 100644 2020/10xxx/CVE-2020-10318.json create mode 100644 2020/10xxx/CVE-2020-10319.json create mode 100644 2020/10xxx/CVE-2020-10320.json create mode 100644 2020/10xxx/CVE-2020-10321.json create mode 100644 2020/10xxx/CVE-2020-10322.json create mode 100644 2020/10xxx/CVE-2020-10323.json create mode 100644 2020/10xxx/CVE-2020-10324.json create mode 100644 2020/10xxx/CVE-2020-10325.json create mode 100644 2020/10xxx/CVE-2020-10326.json create mode 100644 2020/10xxx/CVE-2020-10327.json create mode 100644 2020/10xxx/CVE-2020-10328.json create mode 100644 2020/10xxx/CVE-2020-10329.json create mode 100644 2020/10xxx/CVE-2020-10330.json create mode 100644 2020/10xxx/CVE-2020-10331.json create mode 100644 2020/10xxx/CVE-2020-10332.json create mode 100644 2020/10xxx/CVE-2020-10333.json create mode 100644 2020/10xxx/CVE-2020-10334.json create mode 100644 2020/10xxx/CVE-2020-10335.json create mode 100644 2020/10xxx/CVE-2020-10336.json create mode 100644 2020/10xxx/CVE-2020-10337.json create mode 100644 2020/10xxx/CVE-2020-10338.json create mode 100644 2020/10xxx/CVE-2020-10339.json create mode 100644 2020/10xxx/CVE-2020-10340.json create mode 100644 2020/10xxx/CVE-2020-10341.json create mode 100644 2020/10xxx/CVE-2020-10342.json create mode 100644 2020/10xxx/CVE-2020-10343.json create mode 100644 2020/10xxx/CVE-2020-10344.json create mode 100644 2020/10xxx/CVE-2020-10345.json create mode 100644 2020/10xxx/CVE-2020-10346.json create mode 100644 2020/10xxx/CVE-2020-10347.json create mode 100644 2020/10xxx/CVE-2020-10348.json create mode 100644 2020/10xxx/CVE-2020-10349.json create mode 100644 2020/10xxx/CVE-2020-10350.json create mode 100644 2020/10xxx/CVE-2020-10351.json create mode 100644 2020/10xxx/CVE-2020-10352.json create mode 100644 2020/10xxx/CVE-2020-10353.json create mode 100644 2020/10xxx/CVE-2020-10354.json create mode 100644 2020/10xxx/CVE-2020-10355.json create mode 100644 2020/10xxx/CVE-2020-10356.json create mode 100644 2020/10xxx/CVE-2020-10357.json create mode 100644 2020/10xxx/CVE-2020-10358.json diff --git a/2019/9xxx/CVE-2019-9859.json b/2019/9xxx/CVE-2019-9859.json index 0bde6b3d96d..1674b6cd79b 100644 --- a/2019/9xxx/CVE-2019-9859.json +++ b/2019/9xxx/CVE-2019-9859.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-9859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-9859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: \"escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument.\" It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ssd-disclosure.com/?p=3926", + "url": "https://ssd-disclosure.com/?p=3926" } ] } diff --git a/2020/10xxx/CVE-2020-10264.json b/2020/10xxx/CVE-2020-10264.json new file mode 100644 index 00000000000..968b5f8236a --- /dev/null +++ b/2020/10xxx/CVE-2020-10264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10265.json b/2020/10xxx/CVE-2020-10265.json new file mode 100644 index 00000000000..0ddcf49ab23 --- /dev/null +++ b/2020/10xxx/CVE-2020-10265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10266.json b/2020/10xxx/CVE-2020-10266.json new file mode 100644 index 00000000000..bbdf8f9cdda --- /dev/null +++ b/2020/10xxx/CVE-2020-10266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10267.json b/2020/10xxx/CVE-2020-10267.json new file mode 100644 index 00000000000..037f6c21d31 --- /dev/null +++ b/2020/10xxx/CVE-2020-10267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10268.json b/2020/10xxx/CVE-2020-10268.json new file mode 100644 index 00000000000..587c6618a9b --- /dev/null +++ b/2020/10xxx/CVE-2020-10268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10269.json b/2020/10xxx/CVE-2020-10269.json new file mode 100644 index 00000000000..71ae82d9037 --- /dev/null +++ b/2020/10xxx/CVE-2020-10269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10270.json b/2020/10xxx/CVE-2020-10270.json new file mode 100644 index 00000000000..02632e28282 --- /dev/null +++ b/2020/10xxx/CVE-2020-10270.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10271.json b/2020/10xxx/CVE-2020-10271.json new file mode 100644 index 00000000000..81eda235935 --- /dev/null +++ b/2020/10xxx/CVE-2020-10271.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10271", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10272.json b/2020/10xxx/CVE-2020-10272.json new file mode 100644 index 00000000000..61d9e156942 --- /dev/null +++ b/2020/10xxx/CVE-2020-10272.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10273.json b/2020/10xxx/CVE-2020-10273.json new file mode 100644 index 00000000000..e38da577289 --- /dev/null +++ b/2020/10xxx/CVE-2020-10273.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10273", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10274.json b/2020/10xxx/CVE-2020-10274.json new file mode 100644 index 00000000000..3c01e02493c --- /dev/null +++ b/2020/10xxx/CVE-2020-10274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10275.json b/2020/10xxx/CVE-2020-10275.json new file mode 100644 index 00000000000..5689256adf8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10275.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10276.json b/2020/10xxx/CVE-2020-10276.json new file mode 100644 index 00000000000..0ad7a15f054 --- /dev/null +++ b/2020/10xxx/CVE-2020-10276.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10276", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10277.json b/2020/10xxx/CVE-2020-10277.json new file mode 100644 index 00000000000..dffbb01b16d --- /dev/null +++ b/2020/10xxx/CVE-2020-10277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10278.json b/2020/10xxx/CVE-2020-10278.json new file mode 100644 index 00000000000..a25f8c0ff06 --- /dev/null +++ b/2020/10xxx/CVE-2020-10278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10279.json b/2020/10xxx/CVE-2020-10279.json new file mode 100644 index 00000000000..35c91b7cb8b --- /dev/null +++ b/2020/10xxx/CVE-2020-10279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10280.json b/2020/10xxx/CVE-2020-10280.json new file mode 100644 index 00000000000..2609e9f61e6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10280.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10281.json b/2020/10xxx/CVE-2020-10281.json new file mode 100644 index 00000000000..645dd2ff5c0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10282.json b/2020/10xxx/CVE-2020-10282.json new file mode 100644 index 00000000000..391c024c782 --- /dev/null +++ b/2020/10xxx/CVE-2020-10282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10283.json b/2020/10xxx/CVE-2020-10283.json new file mode 100644 index 00000000000..44df239e4ea --- /dev/null +++ b/2020/10xxx/CVE-2020-10283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10284.json b/2020/10xxx/CVE-2020-10284.json new file mode 100644 index 00000000000..ab2b4598470 --- /dev/null +++ b/2020/10xxx/CVE-2020-10284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10285.json b/2020/10xxx/CVE-2020-10285.json new file mode 100644 index 00000000000..7fa150aa228 --- /dev/null +++ b/2020/10xxx/CVE-2020-10285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10286.json b/2020/10xxx/CVE-2020-10286.json new file mode 100644 index 00000000000..a5d566f813c --- /dev/null +++ b/2020/10xxx/CVE-2020-10286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10287.json b/2020/10xxx/CVE-2020-10287.json new file mode 100644 index 00000000000..a80cb38f681 --- /dev/null +++ b/2020/10xxx/CVE-2020-10287.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10288.json b/2020/10xxx/CVE-2020-10288.json new file mode 100644 index 00000000000..4aa60e80461 --- /dev/null +++ b/2020/10xxx/CVE-2020-10288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10289.json b/2020/10xxx/CVE-2020-10289.json new file mode 100644 index 00000000000..0449bdcc4a1 --- /dev/null +++ b/2020/10xxx/CVE-2020-10289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10290.json b/2020/10xxx/CVE-2020-10290.json new file mode 100644 index 00000000000..cec9ccbce03 --- /dev/null +++ b/2020/10xxx/CVE-2020-10290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10291.json b/2020/10xxx/CVE-2020-10291.json new file mode 100644 index 00000000000..5e5c504dc08 --- /dev/null +++ b/2020/10xxx/CVE-2020-10291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10292.json b/2020/10xxx/CVE-2020-10292.json new file mode 100644 index 00000000000..6a076714570 --- /dev/null +++ b/2020/10xxx/CVE-2020-10292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10293.json b/2020/10xxx/CVE-2020-10293.json new file mode 100644 index 00000000000..b3e037dadf3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10294.json b/2020/10xxx/CVE-2020-10294.json new file mode 100644 index 00000000000..489e1fd1065 --- /dev/null +++ b/2020/10xxx/CVE-2020-10294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10295.json b/2020/10xxx/CVE-2020-10295.json new file mode 100644 index 00000000000..3ef2eceb25f --- /dev/null +++ b/2020/10xxx/CVE-2020-10295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10296.json b/2020/10xxx/CVE-2020-10296.json new file mode 100644 index 00000000000..d1529237dc9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10297.json b/2020/10xxx/CVE-2020-10297.json new file mode 100644 index 00000000000..9f8c9ed535a --- /dev/null +++ b/2020/10xxx/CVE-2020-10297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10298.json b/2020/10xxx/CVE-2020-10298.json new file mode 100644 index 00000000000..7128e25cc23 --- /dev/null +++ b/2020/10xxx/CVE-2020-10298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10299.json b/2020/10xxx/CVE-2020-10299.json new file mode 100644 index 00000000000..cbec5bf562c --- /dev/null +++ b/2020/10xxx/CVE-2020-10299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10300.json b/2020/10xxx/CVE-2020-10300.json new file mode 100644 index 00000000000..e6f1df2224b --- /dev/null +++ b/2020/10xxx/CVE-2020-10300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10301.json b/2020/10xxx/CVE-2020-10301.json new file mode 100644 index 00000000000..720e36866ff --- /dev/null +++ b/2020/10xxx/CVE-2020-10301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10302.json b/2020/10xxx/CVE-2020-10302.json new file mode 100644 index 00000000000..d87585b55b7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10303.json b/2020/10xxx/CVE-2020-10303.json new file mode 100644 index 00000000000..c185e2d9c44 --- /dev/null +++ b/2020/10xxx/CVE-2020-10303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10304.json b/2020/10xxx/CVE-2020-10304.json new file mode 100644 index 00000000000..45fbd8c76e1 --- /dev/null +++ b/2020/10xxx/CVE-2020-10304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10305.json b/2020/10xxx/CVE-2020-10305.json new file mode 100644 index 00000000000..654d9049c4f --- /dev/null +++ b/2020/10xxx/CVE-2020-10305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10306.json b/2020/10xxx/CVE-2020-10306.json new file mode 100644 index 00000000000..00b43c14751 --- /dev/null +++ b/2020/10xxx/CVE-2020-10306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10307.json b/2020/10xxx/CVE-2020-10307.json new file mode 100644 index 00000000000..2f704c9c292 --- /dev/null +++ b/2020/10xxx/CVE-2020-10307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10308.json b/2020/10xxx/CVE-2020-10308.json new file mode 100644 index 00000000000..0563b3704c8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10309.json b/2020/10xxx/CVE-2020-10309.json new file mode 100644 index 00000000000..c0820be4364 --- /dev/null +++ b/2020/10xxx/CVE-2020-10309.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10309", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10310.json b/2020/10xxx/CVE-2020-10310.json new file mode 100644 index 00000000000..f00352eafdf --- /dev/null +++ b/2020/10xxx/CVE-2020-10310.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10310", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10311.json b/2020/10xxx/CVE-2020-10311.json new file mode 100644 index 00000000000..0a6ea9c5407 --- /dev/null +++ b/2020/10xxx/CVE-2020-10311.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10311", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10312.json b/2020/10xxx/CVE-2020-10312.json new file mode 100644 index 00000000000..57a6c8ac2ba --- /dev/null +++ b/2020/10xxx/CVE-2020-10312.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10312", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10313.json b/2020/10xxx/CVE-2020-10313.json new file mode 100644 index 00000000000..d4dd2667964 --- /dev/null +++ b/2020/10xxx/CVE-2020-10313.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10313", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10314.json b/2020/10xxx/CVE-2020-10314.json new file mode 100644 index 00000000000..d99ffbf70f8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10314.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10314", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10315.json b/2020/10xxx/CVE-2020-10315.json new file mode 100644 index 00000000000..8e84ddf2742 --- /dev/null +++ b/2020/10xxx/CVE-2020-10315.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10315", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10316.json b/2020/10xxx/CVE-2020-10316.json new file mode 100644 index 00000000000..eb304eb2f9b --- /dev/null +++ b/2020/10xxx/CVE-2020-10316.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10316", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10317.json b/2020/10xxx/CVE-2020-10317.json new file mode 100644 index 00000000000..d56d090cb61 --- /dev/null +++ b/2020/10xxx/CVE-2020-10317.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10317", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10318.json b/2020/10xxx/CVE-2020-10318.json new file mode 100644 index 00000000000..c38a1585c0e --- /dev/null +++ b/2020/10xxx/CVE-2020-10318.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10318", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10319.json b/2020/10xxx/CVE-2020-10319.json new file mode 100644 index 00000000000..67ff007450e --- /dev/null +++ b/2020/10xxx/CVE-2020-10319.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10319", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10320.json b/2020/10xxx/CVE-2020-10320.json new file mode 100644 index 00000000000..150d6a41db3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10321.json b/2020/10xxx/CVE-2020-10321.json new file mode 100644 index 00000000000..680ac5567b2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10322.json b/2020/10xxx/CVE-2020-10322.json new file mode 100644 index 00000000000..d129d6e4ee6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10323.json b/2020/10xxx/CVE-2020-10323.json new file mode 100644 index 00000000000..50b6d5c4049 --- /dev/null +++ b/2020/10xxx/CVE-2020-10323.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10323", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10324.json b/2020/10xxx/CVE-2020-10324.json new file mode 100644 index 00000000000..1d4b5558729 --- /dev/null +++ b/2020/10xxx/CVE-2020-10324.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10324", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10325.json b/2020/10xxx/CVE-2020-10325.json new file mode 100644 index 00000000000..a5d2918d81a --- /dev/null +++ b/2020/10xxx/CVE-2020-10325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10326.json b/2020/10xxx/CVE-2020-10326.json new file mode 100644 index 00000000000..29a2635f405 --- /dev/null +++ b/2020/10xxx/CVE-2020-10326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10327.json b/2020/10xxx/CVE-2020-10327.json new file mode 100644 index 00000000000..427c73a8ad2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10328.json b/2020/10xxx/CVE-2020-10328.json new file mode 100644 index 00000000000..352de2d999d --- /dev/null +++ b/2020/10xxx/CVE-2020-10328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10329.json b/2020/10xxx/CVE-2020-10329.json new file mode 100644 index 00000000000..9658344d015 --- /dev/null +++ b/2020/10xxx/CVE-2020-10329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10330.json b/2020/10xxx/CVE-2020-10330.json new file mode 100644 index 00000000000..14e86dbe9f6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10331.json b/2020/10xxx/CVE-2020-10331.json new file mode 100644 index 00000000000..18d4512adf3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10331.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10332.json b/2020/10xxx/CVE-2020-10332.json new file mode 100644 index 00000000000..d5f6753e1f4 --- /dev/null +++ b/2020/10xxx/CVE-2020-10332.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10332", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10333.json b/2020/10xxx/CVE-2020-10333.json new file mode 100644 index 00000000000..fb7b11679e3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10333.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10334.json b/2020/10xxx/CVE-2020-10334.json new file mode 100644 index 00000000000..f623b86c0dc --- /dev/null +++ b/2020/10xxx/CVE-2020-10334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10335.json b/2020/10xxx/CVE-2020-10335.json new file mode 100644 index 00000000000..823d90ac41c --- /dev/null +++ b/2020/10xxx/CVE-2020-10335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10336.json b/2020/10xxx/CVE-2020-10336.json new file mode 100644 index 00000000000..8d7be413210 --- /dev/null +++ b/2020/10xxx/CVE-2020-10336.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10337.json b/2020/10xxx/CVE-2020-10337.json new file mode 100644 index 00000000000..64911d78980 --- /dev/null +++ b/2020/10xxx/CVE-2020-10337.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10337", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10338.json b/2020/10xxx/CVE-2020-10338.json new file mode 100644 index 00000000000..0cef6dd4adb --- /dev/null +++ b/2020/10xxx/CVE-2020-10338.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10338", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10339.json b/2020/10xxx/CVE-2020-10339.json new file mode 100644 index 00000000000..8257be86a41 --- /dev/null +++ b/2020/10xxx/CVE-2020-10339.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10339", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10340.json b/2020/10xxx/CVE-2020-10340.json new file mode 100644 index 00000000000..3d88321e60a --- /dev/null +++ b/2020/10xxx/CVE-2020-10340.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10340", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10341.json b/2020/10xxx/CVE-2020-10341.json new file mode 100644 index 00000000000..dbacceb867a --- /dev/null +++ b/2020/10xxx/CVE-2020-10341.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10341", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10342.json b/2020/10xxx/CVE-2020-10342.json new file mode 100644 index 00000000000..de3784b4b43 --- /dev/null +++ b/2020/10xxx/CVE-2020-10342.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10342", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10343.json b/2020/10xxx/CVE-2020-10343.json new file mode 100644 index 00000000000..427ca56b673 --- /dev/null +++ b/2020/10xxx/CVE-2020-10343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10344.json b/2020/10xxx/CVE-2020-10344.json new file mode 100644 index 00000000000..3586528815d --- /dev/null +++ b/2020/10xxx/CVE-2020-10344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10345.json b/2020/10xxx/CVE-2020-10345.json new file mode 100644 index 00000000000..d3a3b9cd778 --- /dev/null +++ b/2020/10xxx/CVE-2020-10345.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10346.json b/2020/10xxx/CVE-2020-10346.json new file mode 100644 index 00000000000..ec48e64ad7e --- /dev/null +++ b/2020/10xxx/CVE-2020-10346.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10347.json b/2020/10xxx/CVE-2020-10347.json new file mode 100644 index 00000000000..3c568111d3c --- /dev/null +++ b/2020/10xxx/CVE-2020-10347.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10348.json b/2020/10xxx/CVE-2020-10348.json new file mode 100644 index 00000000000..46dd1a9c9d0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10349.json b/2020/10xxx/CVE-2020-10349.json new file mode 100644 index 00000000000..01731d37a20 --- /dev/null +++ b/2020/10xxx/CVE-2020-10349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10350.json b/2020/10xxx/CVE-2020-10350.json new file mode 100644 index 00000000000..4865355bf49 --- /dev/null +++ b/2020/10xxx/CVE-2020-10350.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10350", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10351.json b/2020/10xxx/CVE-2020-10351.json new file mode 100644 index 00000000000..1216ab415f2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10351.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10351", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10352.json b/2020/10xxx/CVE-2020-10352.json new file mode 100644 index 00000000000..8890ca49ba3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10352.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10352", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10353.json b/2020/10xxx/CVE-2020-10353.json new file mode 100644 index 00000000000..39e7a69ce11 --- /dev/null +++ b/2020/10xxx/CVE-2020-10353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10354.json b/2020/10xxx/CVE-2020-10354.json new file mode 100644 index 00000000000..dc6298529ce --- /dev/null +++ b/2020/10xxx/CVE-2020-10354.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10354", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10355.json b/2020/10xxx/CVE-2020-10355.json new file mode 100644 index 00000000000..98d9d96d40b --- /dev/null +++ b/2020/10xxx/CVE-2020-10355.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10355", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10356.json b/2020/10xxx/CVE-2020-10356.json new file mode 100644 index 00000000000..018db39d27f --- /dev/null +++ b/2020/10xxx/CVE-2020-10356.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10356", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10357.json b/2020/10xxx/CVE-2020-10357.json new file mode 100644 index 00000000000..6b38097ef1f --- /dev/null +++ b/2020/10xxx/CVE-2020-10357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10358.json b/2020/10xxx/CVE-2020-10358.json new file mode 100644 index 00000000000..89aa4bfa9bb --- /dev/null +++ b/2020/10xxx/CVE-2020-10358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From f6f9b99b1976f41d33a980b6e6864e04fd17443e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 13:01:34 +0000 Subject: [PATCH 010/144] "-Synchronized-Data." --- 2017/10xxx/CVE-2017-10992.json | 48 +++++++++++++++++++++++-- 2018/14xxx/CVE-2018-14502.json | 53 +++++++++++++++++++++++++-- 2018/18xxx/CVE-2018-18894.json | 53 +++++++++++++++++++++++++-- 2019/10xxx/CVE-2019-10065.json | 61 +++++++++++++++++++++++++++---- 2019/10xxx/CVE-2019-10706.json | 66 ++++++++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11686.json | 66 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10359.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10360.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10361.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10362.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10363.json | 18 ++++++++++ 11 files changed, 413 insertions(+), 24 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10359.json create mode 100644 2020/10xxx/CVE-2020-10360.json create mode 100644 2020/10xxx/CVE-2020-10361.json create mode 100644 2020/10xxx/CVE-2020-10362.json create mode 100644 2020/10xxx/CVE-2020-10363.json diff --git a/2017/10xxx/CVE-2017-10992.json b/2017/10xxx/CVE-2017-10992.json index 41d33aa3a5b..7cf98f125e1 100644 --- a/2017/10xxx/CVE-2017-10992.json +++ b/2017/10xxx/CVE-2017-10992.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10992", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://labs.integrity.pt/advisories/cve-2017-10992/", + "url": "https://labs.integrity.pt/advisories/cve-2017-10992/" } ] } diff --git a/2018/14xxx/CVE-2018-14502.json b/2018/14xxx/CVE-2018-14502.json index 250d35b75b8..0ca0444b8ce 100644 --- a/2018/14xxx/CVE-2018-14502.json +++ b/2018/14xxx/CVE-2018-14502.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14502", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/chained-quiz/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/chained-quiz/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9112", + "url": "https://wpvulndb.com/vulnerabilities/9112" } ] } diff --git a/2018/18xxx/CVE-2018-18894.json b/2018/18xxx/CVE-2018-18894.json index b32d2a969be..55c79c8990f 100644 --- a/2018/18xxx/CVE-2018-18894.json +++ b/2018/18xxx/CVE-2018-18894.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18894", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://support.lexmark.com/alerts", + "refsource": "MISC", + "name": "http://support.lexmark.com/alerts" + }, + { + "refsource": "CONFIRM", + "name": "http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US", + "url": "http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US" } ] } diff --git a/2019/10xxx/CVE-2019-10065.json b/2019/10xxx/CVE-2019-10065.json index 1b825b8091c..e22f1e4d98c 100644 --- a/2019/10xxx/CVE-2019-10065.json +++ b/2019/10xxx/CVE-2019-10065.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10065", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.otrs.com/category/release-and-security-notes-en/", + "refsource": "MISC", + "name": "https://community.otrs.com/category/release-and-security-notes-en/" + }, + { + "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/", + "url": "https://otrs.com/release-notes/otrs-security-advisory-2019-07/" } ] } diff --git a/2019/10xxx/CVE-2019-10706.json b/2019/10xxx/CVE-2019-10706.json index a5e78bacc06..2670e8eb7ca 100644 --- a/2019/10xxx/CVE-2019-10706.json +++ b/2019/10xxx/CVE-2019-10706.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10706", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10706", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en", + "refsource": "MISC", + "name": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd" } ] } diff --git a/2019/11xxx/CVE-2019-11686.json b/2019/11xxx/CVE-2019-11686.json index d4a75a1e7ef..859b5d3f711 100644 --- a/2019/11xxx/CVE-2019-11686.json +++ b/2019/11xxx/CVE-2019-11686.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11686", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11686", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.wdc.com/downloads.aspx?g=907&lang=en", + "refsource": "MISC", + "name": "https://support.wdc.com/downloads.aspx?g=907&lang=en" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-s", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-s" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd" } ] } diff --git a/2020/10xxx/CVE-2020-10359.json b/2020/10xxx/CVE-2020-10359.json new file mode 100644 index 00000000000..a75f46f900b --- /dev/null +++ b/2020/10xxx/CVE-2020-10359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10360.json b/2020/10xxx/CVE-2020-10360.json new file mode 100644 index 00000000000..caed17d43d6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10361.json b/2020/10xxx/CVE-2020-10361.json new file mode 100644 index 00000000000..92f695f9c6f --- /dev/null +++ b/2020/10xxx/CVE-2020-10361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10362.json b/2020/10xxx/CVE-2020-10362.json new file mode 100644 index 00000000000..a76e534db55 --- /dev/null +++ b/2020/10xxx/CVE-2020-10362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10363.json b/2020/10xxx/CVE-2020-10363.json new file mode 100644 index 00000000000..156fd6a6341 --- /dev/null +++ b/2020/10xxx/CVE-2020-10363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2de696da7cf5e073803bbf207a2ca5476667fa1a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 14:01:13 +0000 Subject: [PATCH 011/144] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11345.json | 56 +++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12428.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12429.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12430.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12431.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12432.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12433.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12434.json | 61 +++++++++++++++++++++++++--- 2019/20xxx/CVE-2019-20509.json | 72 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10364.json | 18 +++++++++ 10 files changed, 525 insertions(+), 48 deletions(-) create mode 100644 2019/20xxx/CVE-2019-20509.json create mode 100644 2020/10xxx/CVE-2020-10364.json diff --git a/2019/11xxx/CVE-2019-11345.json b/2019/11xxx/CVE-2019-11345.json index 6c9be22b150..5bf8da41e2e 100644 --- a/2019/11xxx/CVE-2019-11345.json +++ b/2019/11xxx/CVE-2019-11345.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11345", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11345", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.citrix.com/article/CTX247737", + "url": "https://support.citrix.com/article/CTX247737" } ] } diff --git a/2019/12xxx/CVE-2019-12428.json b/2019/12xxx/CVE-2019-12428.json index 751684ea878..32ed8e99334 100644 --- a/2019/12xxx/CVE-2019-12428.json +++ b/2019/12xxx/CVE-2019-12428.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. It has Improper Authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12429.json b/2019/12xxx/CVE-2019-12429.json index 9c27457ef19..71801f23f18 100644 --- a/2019/12xxx/CVE-2019-12429.json +++ b/2019/12xxx/CVE-2019-12429.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12429", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12429", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. It has Improper Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12430.json b/2019/12xxx/CVE-2019-12430.json index 73f218c1c8e..142476ae4ef 100644 --- a/2019/12xxx/CVE-2019-12430.json +++ b/2019/12xxx/CVE-2019-12430.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12430", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12430", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.11. It allows Command Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12431.json b/2019/12xxx/CVE-2019-12431.json index a20bf7d0c7f..2a8f60d4214 100644 --- a/2019/12xxx/CVE-2019-12431.json +++ b/2019/12xxx/CVE-2019-12431.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12431", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12431", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. It has Improper Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12432.json b/2019/12xxx/CVE-2019-12432.json index 5eac734a6bc..30fb67b115b 100644 --- a/2019/12xxx/CVE-2019-12432.json +++ b/2019/12xxx/CVE-2019-12432.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12432", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12432", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. It allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12433.json b/2019/12xxx/CVE-2019-12433.json index 6f315e1a2a8..0f2dbd32b63 100644 --- a/2019/12xxx/CVE-2019-12433.json +++ b/2019/12xxx/CVE-2019-12433.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12434.json b/2019/12xxx/CVE-2019-12434.json index 2f46f1283c7..2a82969d5dd 100644 --- a/2019/12xxx/CVE-2019-12434.json +++ b/2019/12xxx/CVE-2019-12434.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12434", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12434", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20509.json b/2019/20xxx/CVE-2019-20509.json new file mode 100644 index 00000000000..ead4f040448 --- /dev/null +++ b/2019/20xxx/CVE-2019-20509.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471", + "refsource": "MISC", + "name": "https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471" + }, + { + "url": "https://github.com/libarchive/libarchive/issues/1284", + "refsource": "MISC", + "name": "https://github.com/libarchive/libarchive/issues/1284" + }, + { + "url": "https://github.com/libarchive/libarchive/compare/v3.4.0...v3.4.1", + "refsource": "MISC", + "name": "https://github.com/libarchive/libarchive/compare/v3.4.0...v3.4.1" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10364.json b/2020/10xxx/CVE-2020-10364.json new file mode 100644 index 00000000000..b2ea9f582e1 --- /dev/null +++ b/2020/10xxx/CVE-2020-10364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 146a91b6457b9abbe01f75a2ee760420b9ec7476 Mon Sep 17 00:00:00 2001 From: Wayne Beaton Date: Tue, 10 Mar 2020 10:25:31 -0400 Subject: [PATCH 012/144] CVE-2019-17636 Signed-off-by: Wayne Beaton --- 2019/17xxx/CVE-2019-17636.json | 62 ++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17636.json diff --git a/2019/17xxx/CVE-2019-17636.json b/2019/17xxx/CVE-2019-17636.json new file mode 100644 index 00000000000..67ccafef4b3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17636.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-17636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse Theia", + "version": { + "version_data": [ + { + "version_value": "0.3.9 to 0.15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE: CWE-345: Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747" + } + ] + } +} From 579f33f400977847332c632fc62d8497682235e6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 15:01:19 +0000 Subject: [PATCH 013/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10705.json | 66 ++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12428.json | 2 +- 2019/12xxx/CVE-2019-12429.json | 2 +- 2019/12xxx/CVE-2019-12430.json | 2 +- 2019/12xxx/CVE-2019-12431.json | 2 +- 2019/12xxx/CVE-2019-12432.json | 2 +- 2019/12xxx/CVE-2019-12441.json | 61 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12442.json | 61 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12443.json | 61 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12444.json | 61 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12445.json | 61 ++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12446.json | 61 ++++++++++++++++++++++++++++--- 2019/13xxx/CVE-2019-13001.json | 67 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13002.json | 67 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13003.json | 67 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13004.json | 67 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13005.json | 67 ++++++++++++++++++++++++++++++++++ 17 files changed, 730 insertions(+), 47 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13001.json create mode 100644 2019/13xxx/CVE-2019-13002.json create mode 100644 2019/13xxx/CVE-2019-13003.json create mode 100644 2019/13xxx/CVE-2019-13004.json create mode 100644 2019/13xxx/CVE-2019-13005.json diff --git a/2019/10xxx/CVE-2019-10705.json b/2019/10xxx/CVE-2019-10705.json index 5fd4e43f7e0..5d4ea57608c 100644 --- a/2019/10xxx/CVE-2019-10705.json +++ b/2019/10xxx/CVE-2019-10705.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10705", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10705", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en", + "refsource": "MISC", + "name": "https://support.wdc.com/cat_products.aspx?ID=6&lang=en" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd" + }, + { + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd", + "url": "https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd" } ] } diff --git a/2019/12xxx/CVE-2019-12428.json b/2019/12xxx/CVE-2019-12428.json index 32ed8e99334..3f2b10ac18f 100644 --- a/2019/12xxx/CVE-2019-12428.json +++ b/2019/12xxx/CVE-2019-12428.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. It has Improper Authorization." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization." } ] }, diff --git a/2019/12xxx/CVE-2019-12429.json b/2019/12xxx/CVE-2019-12429.json index 71801f23f18..c7e0e072724 100644 --- a/2019/12xxx/CVE-2019-12429.json +++ b/2019/12xxx/CVE-2019-12429.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. It has Improper Access Control." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control." } ] }, diff --git a/2019/12xxx/CVE-2019-12430.json b/2019/12xxx/CVE-2019-12430.json index 142476ae4ef..7189054347b 100644 --- a/2019/12xxx/CVE-2019-12430.json +++ b/2019/12xxx/CVE-2019-12430.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.11. It allows Command Injection." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection." } ] }, diff --git a/2019/12xxx/CVE-2019-12431.json b/2019/12xxx/CVE-2019-12431.json index 2a8f60d4214..b05001885e8 100644 --- a/2019/12xxx/CVE-2019-12431.json +++ b/2019/12xxx/CVE-2019-12431.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. It has Improper Access Control." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control." } ] }, diff --git a/2019/12xxx/CVE-2019-12432.json b/2019/12xxx/CVE-2019-12432.json index 30fb67b115b..b131f6fda24 100644 --- a/2019/12xxx/CVE-2019-12432.json +++ b/2019/12xxx/CVE-2019-12432.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. It allows Information Disclosure." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure." } ] }, diff --git a/2019/12xxx/CVE-2019-12441.json b/2019/12xxx/CVE-2019-12441.json index 56a8e55dd34..a0a17c1213b 100644 --- a/2019/12xxx/CVE-2019-12441.json +++ b/2019/12xxx/CVE-2019-12441.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12441", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12441", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12442.json b/2019/12xxx/CVE-2019-12442.json index 685ba4b164d..1454fc3b957 100644 --- a/2019/12xxx/CVE-2019-12442.json +++ b/2019/12xxx/CVE-2019-12442.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12442", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12442", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12443.json b/2019/12xxx/CVE-2019-12443.json index 45c33ce6d6d..6bbc36e6e5d 100644 --- a/2019/12xxx/CVE-2019-12443.json +++ b/2019/12xxx/CVE-2019-12443.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12443", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12443", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12444.json b/2019/12xxx/CVE-2019-12444.json index df9d72f7463..7c1ed3fade6 100644 --- a/2019/12xxx/CVE-2019-12444.json +++ b/2019/12xxx/CVE-2019-12444.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12444", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12444", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12445.json b/2019/12xxx/CVE-2019-12445.json index aa2cacea0f9..81c786eef67 100644 --- a/2019/12xxx/CVE-2019-12445.json +++ b/2019/12xxx/CVE-2019-12445.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12445", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12445", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/12xxx/CVE-2019-12446.json b/2019/12xxx/CVE-2019-12446.json index a5a2b93f3a9..ebdbe1b26bb 100644 --- a/2019/12xxx/CVE-2019-12446.json +++ b/2019/12xxx/CVE-2019-12446.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12446", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12446", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/", + "url": "https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/" } ] } diff --git a/2019/13xxx/CVE-2019-13001.json b/2019/13xxx/CVE-2019-13001.json new file mode 100644 index 00000000000..447bcd0e061 --- /dev/null +++ b/2019/13xxx/CVE-2019-13001.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13002.json b/2019/13xxx/CVE-2019-13002.json new file mode 100644 index 00000000000..d98fd728fda --- /dev/null +++ b/2019/13xxx/CVE-2019-13002.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13003.json b/2019/13xxx/CVE-2019-13003.json new file mode 100644 index 00000000000..888be98989e --- /dev/null +++ b/2019/13xxx/CVE-2019-13003.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13004.json b/2019/13xxx/CVE-2019-13004.json new file mode 100644 index 00000000000..155646b1d0b --- /dev/null +++ b/2019/13xxx/CVE-2019-13004.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13005.json b/2019/13xxx/CVE-2019-13005.json new file mode 100644 index 00000000000..0a89318de54 --- /dev/null +++ b/2019/13xxx/CVE-2019-13005.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file From 3c60411d05318b5373369ee8237e80607de0e5bc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 16:01:10 +0000 Subject: [PATCH 014/144] "-Synchronized-Data." --- 2016/9xxx/CVE-2016-9840.json | 5 +++ 2016/9xxx/CVE-2016-9841.json | 5 +++ 2016/9xxx/CVE-2016-9842.json | 5 +++ 2016/9xxx/CVE-2016-9843.json | 5 +++ 2019/15xxx/CVE-2019-15949.json | 5 +++ 2020/10xxx/CVE-2020-10255.json | 56 ++++++++++++++++++++++++++++++---- 6 files changed, 75 insertions(+), 6 deletions(-) diff --git a/2016/9xxx/CVE-2016-9840.json b/2016/9xxx/CVE-2016-9840.json index 8f80f1b95c6..0302d71c7bf 100644 --- a/2016/9xxx/CVE-2016-9840.json +++ b/2016/9xxx/CVE-2016-9840.json @@ -186,6 +186,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4292-1", + "url": "https://usn.ubuntu.com/4292-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9841.json b/2016/9xxx/CVE-2016-9841.json index 4df9e73f415..80a545890e7 100644 --- a/2016/9xxx/CVE-2016-9841.json +++ b/2016/9xxx/CVE-2016-9841.json @@ -201,6 +201,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4292-1", + "url": "https://usn.ubuntu.com/4292-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9842.json b/2016/9xxx/CVE-2016-9842.json index 3d99e5f531f..bfd3f977667 100644 --- a/2016/9xxx/CVE-2016-9842.json +++ b/2016/9xxx/CVE-2016-9842.json @@ -186,6 +186,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4292-1", + "url": "https://usn.ubuntu.com/4292-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9843.json b/2016/9xxx/CVE-2016-9843.json index 33c40b067fa..7413852ec55 100644 --- a/2016/9xxx/CVE-2016-9843.json +++ b/2016/9xxx/CVE-2016-9843.json @@ -201,6 +201,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4292-1", + "url": "https://usn.ubuntu.com/4292-1/" } ] } diff --git a/2019/15xxx/CVE-2019-15949.json b/2019/15xxx/CVE-2019-15949.json index bff274b73db..6924905a64f 100644 --- a/2019/15xxx/CVE-2019-15949.json +++ b/2019/15xxx/CVE-2019-15949.json @@ -56,6 +56,11 @@ "url": "https://github.com/jakgibb/nagiosxi-root-rce-exploit", "refsource": "MISC", "name": "https://github.com/jakgibb/nagiosxi-root-rce-exploit" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/156676/Nagios-XI-Authenticated-Remote-Command-Execution.html" } ] } diff --git a/2020/10xxx/CVE-2020-10255.json b/2020/10xxx/CVE-2020-10255.json index f385f5ec3d3..a7807ea75b1 100644 --- a/2020/10xxx/CVE-2020-10255.json +++ b/2020/10xxx/CVE-2020-10255.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10255", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10255", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://download.vusec.net/papers/trrespass_sp20.pdf", + "refsource": "MISC", + "name": "https://download.vusec.net/papers/trrespass_sp20.pdf" } ] } From 772cc69ffa01023d09bd89d3b04d5e7d1024cc26 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 10 Mar 2020 10:31:42 -0600 Subject: [PATCH 015/144] add CVE-2020-5253 for GHSA-2c7p-3fj4-223m --- 2020/5xxx/CVE-2020-5253.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5253.json b/2020/5xxx/CVE-2020-5253.json index b61b32a0817..9f8b2ab163f 100644 --- a/2020/5xxx/CVE-2020-5253.json +++ b/2020/5xxx/CVE-2020-5253.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Privilege escalation in NetHack" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.0" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited.\n\nThis bug is patched in NetHack 3.6.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete List of Disallowed Inputs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m" + }, + { + "name": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8", + "refsource": "MISC", + "url": "https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8" + } + ] + }, + "source": { + "advisory": "GHSA-2c7p-3fj4-223m", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From a3bb3c1a161697af16ddc9014935d4f153c13cb8 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 10 Mar 2020 10:43:55 -0600 Subject: [PATCH 016/144] add CVE-2020-5254 for GHSA-2ch6-6r8h-m2p9 --- 2020/5xxx/CVE-2020-5254.json | 77 +++++++++++++++++++++++++++++++++--- 1 file changed, 71 insertions(+), 6 deletions(-) diff --git a/2020/5xxx/CVE-2020-5254.json b/2020/5xxx/CVE-2020-5254.json index a200f641780..f54cf42bfee 100644 --- a/2020/5xxx/CVE-2020-5254.json +++ b/2020/5xxx/CVE-2020-5254.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack hilite_status parsing privilege escalation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited.\n\nNetHack 3.6.6 resolves this issue." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9" + } + ] + }, + "source": { + "advisory": "GHSA-2ch6-6r8h-m2p9", + "discovery": "UNKNOWN" } } \ No newline at end of file From 04548e6220487d83c533f8127643307dd6c46e78 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 17:01:20 +0000 Subject: [PATCH 017/144] "-Synchronized-Data." --- 2012/1xxx/CVE-2012-1094.json | 55 +++++++++++++++++++++++-- 2012/1xxx/CVE-2012-1096.json | 75 ++++++++++++++++++++++++++++++++-- 2019/13xxx/CVE-2019-13006.json | 67 ++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10255.json | 15 +++++++ 2020/5xxx/CVE-2020-5253.json | 4 +- 2020/5xxx/CVE-2020-5254.json | 2 +- 2020/9xxx/CVE-2020-9440.json | 56 ++++++++++++++++++++++--- 7 files changed, 259 insertions(+), 15 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13006.json diff --git a/2012/1xxx/CVE-2012-1094.json b/2012/1xxx/CVE-2012-1094.json index 1d0b2fd8931..83342d57729 100644 --- a/2012/1xxx/CVE-2012-1094.json +++ b/2012/1xxx/CVE-2012-1094.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1094", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "JBoss AS 7", + "version": { + "version_data": [ + { + "version_value": "prior to 7.1.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-1094", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-1094" } ] } diff --git a/2012/1xxx/CVE-2012-1096.json b/2012/1xxx/CVE-2012-1096.json index 5aa5bbe4b3b..8e7ef678149 100644 --- a/2012/1xxx/CVE-2012-1096.json +++ b/2012/1xxx/CVE-2012-1096.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1096", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GNOME", + "product": { + "product_data": [ + { + "product_name": "NetworkManager", + "version": { + "version_data": [ + { + "version_value": "0.9 and earlier" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-1096", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-1096" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-1096", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-1096" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/02/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/02/3" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=793329", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=793329" } ] } diff --git a/2019/13xxx/CVE-2019-13006.json b/2019/13xxx/CVE-2019-13006.json new file mode 100644 index 00000000000..58ed90198b6 --- /dev/null +++ b/2019/13xxx/CVE-2019-13006.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10255.json b/2020/10xxx/CVE-2020-10255.json index a7807ea75b1..ac2822cc471 100644 --- a/2020/10xxx/CVE-2020-10255.json +++ b/2020/10xxx/CVE-2020-10255.json @@ -56,6 +56,21 @@ "url": "https://download.vusec.net/papers/trrespass_sp20.pdf", "refsource": "MISC", "name": "https://download.vusec.net/papers/trrespass_sp20.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.vusec.net/projects/trrespass/", + "url": "https://www.vusec.net/projects/trrespass/" + }, + { + "refsource": "MISC", + "name": "https://github.com/vusec/trrespass", + "url": "https://github.com/vusec/trrespass" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/vu5ec/status/1237399112590467072", + "url": "https://twitter.com/vu5ec/status/1237399112590467072" } ] } diff --git a/2020/5xxx/CVE-2020-5253.json b/2020/5xxx/CVE-2020-5253.json index 9f8b2ab163f..c0981eb383e 100644 --- a/2020/5xxx/CVE-2020-5253.json +++ b/2020/5xxx/CVE-2020-5253.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited.\n\nThis bug is patched in NetHack 3.6.0." + "value": "NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0." } ] }, @@ -85,4 +85,4 @@ "advisory": "GHSA-2c7p-3fj4-223m", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5254.json b/2020/5xxx/CVE-2020-5254.json index f54cf42bfee..aed17d84a27 100644 --- a/2020/5xxx/CVE-2020-5254.json +++ b/2020/5xxx/CVE-2020-5254.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited.\n\nNetHack 3.6.6 resolves this issue." + "value": "In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue." } ] }, diff --git a/2020/9xxx/CVE-2020-9440.json b/2020/9xxx/CVE-2020-9440.json index 7e6b5aa1292..4baaec0ee93 100644 --- a/2020/9xxx/CVE-2020-9440.json +++ b/2020/9xxx/CVE-2020-9440.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9440", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9440", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed", + "url": "https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed" } ] } From 89e21050d855343dbdc97e4af92f7b0fea2001ac Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 10 Mar 2020 11:46:22 -0600 Subject: [PATCH 018/144] add CVE-2020-5258 for GHSA-jxfh-8wgv-vfr2 --- 2020/5xxx/CVE-2020-5258.json | 96 +++++++++++++++++++++++++++++++++--- 1 file changed, 89 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json index 97f66d5a483..84948d6df9e 100644 --- a/2020/5xxx/CVE-2020-5258.json +++ b/2020/5xxx/CVE-2020-5258.json @@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype pollution in dojo" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dojo", + "version": { + "version_data": [ + { + "version_value": "< 1.12.8" + }, + { + "version_value": ">= 1.13.0, < 1.13.7" + }, + { + "version_value": ">= 1.14.0, < 1.14.6" + }, + { + "version_value": ">= 1.15.0, < 1.15.3" + }, + { + "version_value": ">= 1.16.0, < 1.16.2" + } + ] + } + } + ] + }, + "vendor_name": "dojo" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. \n\nThis has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2", + "refsource": "CONFIRM", + "url": "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2" + }, + { + "name": "https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d", + "refsource": "MISC", + "url": "https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d" + } + ] + }, + "source": { + "advisory": "GHSA-jxfh-8wgv-vfr2", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 4193ea23246ec855c72ccca8f41ab2d03425bc82 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Tue, 10 Mar 2020 11:48:29 -0600 Subject: [PATCH 019/144] add CVE-2020-5259 for GHSA-3hw5-q855-g6cw --- 2020/5xxx/CVE-2020-5259.json | 99 +++++++++++++++++++++++++++++++++--- 1 file changed, 92 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5259.json b/2020/5xxx/CVE-2020-5259.json index 4fc28dcfab2..3815da9ee6b 100644 --- a/2020/5xxx/CVE-2020-5259.json +++ b/2020/5xxx/CVE-2020-5259.json @@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5259", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype Pollution in Dojox" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dojox", + "version": { + "version_data": [ + { + "version_value": "< 1.11.10" + }, + { + "version_value": ">= 1.12.0, < 1.12.8" + }, + { + "version_value": ">= 1.13.0, < 1.13.7" + }, + { + "version_value": ">= 1.14.0, < 1.14.6" + }, + { + "version_value": ">= 1.15.0, < 1.15.3" + }, + { + "version_value": ">= 1.16.0, < 1.16.2" + } + ] + } + } + ] + }, + "vendor_name": "dojo" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.\n\nThis has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw", + "refsource": "CONFIRM", + "url": "https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw" + }, + { + "name": "https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da", + "refsource": "MISC", + "url": "https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da" + } + ] + }, + "source": { + "advisory": "GHSA-3hw5-q855-g6cw", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 7376fc5178b296082d14901aea51a172f70b6c92 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 18:01:20 +0000 Subject: [PATCH 020/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++ 2019/13xxx/CVE-2019-13007.json | 67 ++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13009.json | 67 ++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13010.json | 67 ++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13011.json | 67 ++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13121.json | 67 ++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13457.json | 81 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15034.json | 62 ++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10255.json | 5 +++ 2020/10xxx/CVE-2020-10365.json | 18 ++++++++ 2020/10xxx/CVE-2020-10366.json | 18 ++++++++ 2020/10xxx/CVE-2020-10367.json | 18 ++++++++ 2020/10xxx/CVE-2020-10368.json | 18 ++++++++ 2020/10xxx/CVE-2020-10369.json | 18 ++++++++ 2020/10xxx/CVE-2020-10370.json | 18 ++++++++ 2020/5xxx/CVE-2020-5258.json | 4 +- 2020/5xxx/CVE-2020-5259.json | 4 +- 17 files changed, 600 insertions(+), 4 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13007.json create mode 100644 2019/13xxx/CVE-2019-13009.json create mode 100644 2019/13xxx/CVE-2019-13010.json create mode 100644 2019/13xxx/CVE-2019-13011.json create mode 100644 2019/13xxx/CVE-2019-13121.json create mode 100644 2019/13xxx/CVE-2019-13457.json create mode 100644 2019/15xxx/CVE-2019-15034.json create mode 100644 2020/10xxx/CVE-2020-10365.json create mode 100644 2020/10xxx/CVE-2020-10366.json create mode 100644 2020/10xxx/CVE-2020-10367.json create mode 100644 2020/10xxx/CVE-2020-10368.json create mode 100644 2020/10xxx/CVE-2020-10369.json create mode 100644 2020/10xxx/CVE-2020-10370.json diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 8619648506c..9172c6361e6 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -83,6 +83,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/13xxx/CVE-2019-13007.json b/2019/13xxx/CVE-2019-13007.json new file mode 100644 index 00000000000..2f7cca10600 --- /dev/null +++ b/2019/13xxx/CVE-2019-13007.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13009.json b/2019/13xxx/CVE-2019-13009.json new file mode 100644 index 00000000000..b227344f252 --- /dev/null +++ b/2019/13xxx/CVE-2019-13009.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13010.json b/2019/13xxx/CVE-2019-13010.json new file mode 100644 index 00000000000..48d5af45071 --- /dev/null +++ b/2019/13xxx/CVE-2019-13010.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13011.json b/2019/13xxx/CVE-2019-13011.json new file mode 100644 index 00000000000..3769499483c --- /dev/null +++ b/2019/13xxx/CVE-2019-13011.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13121.json b/2019/13xxx/CVE-2019-13121.json new file mode 100644 index 00000000000..e4e900b329c --- /dev/null +++ b/2019/13xxx/CVE-2019-13121.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/", + "url": "https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13457.json b/2019/13xxx/CVE-2019-13457.json new file mode 100644 index 00000000000..e517dbe7267 --- /dev/null +++ b/2019/13xxx/CVE-2019-13457.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their \"company\" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.otrs.com/category/release-and-security-notes-en/", + "refsource": "MISC", + "name": "https://www.otrs.com/category/release-and-security-notes-en/" + }, + { + "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/", + "url": "https://otrs.com/release-notes/otrs-security-advisory-2019-11/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15034.json b/2019/15xxx/CVE-2019-15034.json new file mode 100644 index 00000000000..41d64cdfce5 --- /dev/null +++ b/2019/15xxx/CVE-2019-15034.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html", + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10255.json b/2020/10xxx/CVE-2020-10255.json index ac2822cc471..a298cb82c5b 100644 --- a/2020/10xxx/CVE-2020-10255.json +++ b/2020/10xxx/CVE-2020-10255.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://twitter.com/vu5ec/status/1237399112590467072", "url": "https://twitter.com/vu5ec/status/1237399112590467072" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/antumbral/status/1237425959407513600", + "url": "https://twitter.com/antumbral/status/1237425959407513600" } ] } diff --git a/2020/10xxx/CVE-2020-10365.json b/2020/10xxx/CVE-2020-10365.json new file mode 100644 index 00000000000..82dc0ed01e3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10366.json b/2020/10xxx/CVE-2020-10366.json new file mode 100644 index 00000000000..d06bb2583d5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10367.json b/2020/10xxx/CVE-2020-10367.json new file mode 100644 index 00000000000..44cedad5a7b --- /dev/null +++ b/2020/10xxx/CVE-2020-10367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10368.json b/2020/10xxx/CVE-2020-10368.json new file mode 100644 index 00000000000..3daa2ae7407 --- /dev/null +++ b/2020/10xxx/CVE-2020-10368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10369.json b/2020/10xxx/CVE-2020-10369.json new file mode 100644 index 00000000000..9f6002985b2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10370.json b/2020/10xxx/CVE-2020-10370.json new file mode 100644 index 00000000000..56a2dcc238a --- /dev/null +++ b/2020/10xxx/CVE-2020-10370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json index 84948d6df9e..3f8b90c2cd7 100644 --- a/2020/5xxx/CVE-2020-5258.json +++ b/2020/5xxx/CVE-2020-5258.json @@ -47,7 +47,7 @@ "description_data": [ { "lang": "eng", - "value": "In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. \n\nThis has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" + "value": "In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" } ] }, @@ -97,4 +97,4 @@ "advisory": "GHSA-jxfh-8wgv-vfr2", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5259.json b/2020/5xxx/CVE-2020-5259.json index 3815da9ee6b..77ac9b5ec7d 100644 --- a/2020/5xxx/CVE-2020-5259.json +++ b/2020/5xxx/CVE-2020-5259.json @@ -50,7 +50,7 @@ "description_data": [ { "lang": "eng", - "value": "In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution.\n\nPrototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects.\nAn attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values.\n\nThis has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" + "value": "In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2" } ] }, @@ -100,4 +100,4 @@ "advisory": "GHSA-3hw5-q855-g6cw", "discovery": "UNKNOWN" } -} +} \ No newline at end of file From 9f47fe2ea2bfed0b0b974ce06e71170aebd98813 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 20:01:23 +0000 Subject: [PATCH 021/144] "-Synchronized-Data." --- 2016/9xxx/CVE-2016-9158.json | 5 +- 2016/9xxx/CVE-2016-9159.json | 5 +- 2018/4xxx/CVE-2018-4832.json | 2 +- 2019/10xxx/CVE-2019-10923.json | 2 +- 2019/10xxx/CVE-2019-10929.json | 2 +- 2019/10xxx/CVE-2019-10936.json | 2 +- 2019/10xxx/CVE-2019-10943.json | 2 +- 2019/13xxx/CVE-2019-13924.json | 2 +- 2019/13xxx/CVE-2019-13925.json | 2 +- 2019/18xxx/CVE-2019-18290.json | 2 +- 2019/18xxx/CVE-2019-18291.json | 2 +- 2019/18xxx/CVE-2019-18292.json | 2 +- 2019/18xxx/CVE-2019-18293.json | 2 +- 2019/18xxx/CVE-2019-18294.json | 2 +- 2019/18xxx/CVE-2019-18295.json | 2 +- 2019/18xxx/CVE-2019-18296.json | 2 +- 2019/18xxx/CVE-2019-18297.json | 2 +- 2019/18xxx/CVE-2019-18298.json | 2 +- 2019/18xxx/CVE-2019-18299.json | 2 +- 2019/18xxx/CVE-2019-18300.json | 2 +- 2019/18xxx/CVE-2019-18301.json | 2 +- 2019/18xxx/CVE-2019-18302.json | 2 +- 2019/18xxx/CVE-2019-18303.json | 2 +- 2019/18xxx/CVE-2019-18304.json | 2 +- 2019/18xxx/CVE-2019-18305.json | 2 +- 2019/18xxx/CVE-2019-18306.json | 2 +- 2019/18xxx/CVE-2019-18307.json | 2 +- 2019/18xxx/CVE-2019-18308.json | 2 +- 2019/18xxx/CVE-2019-18309.json | 2 +- 2019/18xxx/CVE-2019-18310.json | 2 +- 2019/18xxx/CVE-2019-18311.json | 2 +- 2019/18xxx/CVE-2019-18312.json | 2 +- 2019/18xxx/CVE-2019-18313.json | 2 +- 2019/18xxx/CVE-2019-18314.json | 2 +- 2019/18xxx/CVE-2019-18315.json | 2 +- 2019/18xxx/CVE-2019-18316.json | 2 +- 2019/18xxx/CVE-2019-18317.json | 2 +- 2019/18xxx/CVE-2019-18318.json | 2 +- 2019/18xxx/CVE-2019-18319.json | 2 +- 2019/18xxx/CVE-2019-18320.json | 2 +- 2019/18xxx/CVE-2019-18321.json | 2 +- 2019/18xxx/CVE-2019-18322.json | 2 +- 2019/18xxx/CVE-2019-18323.json | 2 +- 2019/18xxx/CVE-2019-18324.json | 2 +- 2019/18xxx/CVE-2019-18325.json | 2 +- 2019/18xxx/CVE-2019-18326.json | 2 +- 2019/18xxx/CVE-2019-18327.json | 2 +- 2019/18xxx/CVE-2019-18328.json | 2 +- 2019/18xxx/CVE-2019-18329.json | 2 +- 2019/18xxx/CVE-2019-18330.json | 2 +- 2019/18xxx/CVE-2019-18331.json | 2 +- 2019/18xxx/CVE-2019-18332.json | 2 +- 2019/18xxx/CVE-2019-18333.json | 2 +- 2019/18xxx/CVE-2019-18334.json | 2 +- 2019/18xxx/CVE-2019-18335.json | 2 +- 2019/18xxx/CVE-2019-18336.json | 7 +- 2019/19xxx/CVE-2019-19277.json | 7 +- 2019/19xxx/CVE-2019-19279.json | 7 +- 2019/19xxx/CVE-2019-19281.json | 7 +- 2019/19xxx/CVE-2019-19282.json | 7 +- 2019/19xxx/CVE-2019-19290.json | 7 +- 2019/19xxx/CVE-2019-19291.json | 7 +- 2019/19xxx/CVE-2019-19292.json | 7 +- 2019/19xxx/CVE-2019-19293.json | 7 +- 2019/19xxx/CVE-2019-19294.json | 7 +- 2019/19xxx/CVE-2019-19295.json | 7 +- 2019/19xxx/CVE-2019-19296.json | 7 +- 2019/19xxx/CVE-2019-19297.json | 7 +- 2019/19xxx/CVE-2019-19298.json | 7 +- 2019/19xxx/CVE-2019-19299.json | 7 +- 2019/6xxx/CVE-2019-6568.json | 2 +- 2019/6xxx/CVE-2019-6575.json | 2 +- 2019/6xxx/CVE-2019-6585.json | 7 +- 2019/7xxx/CVE-2019-7589.json | 100 +++++++++++++++- 2020/0xxx/CVE-2020-0010.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0011.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0012.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0029.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0031.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0032.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0033.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0034.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0035.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0036.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0037.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0038.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0039.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0041.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0042.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0043.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0044.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0058.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0059.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0060.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0061.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0069.json | 62 ++++++++++ 2020/0xxx/CVE-2020-0083.json | 62 ++++++++++ 2020/10xxx/CVE-2020-10371.json | 18 +++ 2020/7xxx/CVE-2020-7579.json | 7 +- 2020/9xxx/CVE-2020-9044.json | 210 ++++++++++++++++++++++++++++++++- 100 files changed, 1874 insertions(+), 119 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0010.json create mode 100644 2020/0xxx/CVE-2020-0011.json create mode 100644 2020/0xxx/CVE-2020-0012.json create mode 100644 2020/0xxx/CVE-2020-0029.json create mode 100644 2020/0xxx/CVE-2020-0031.json create mode 100644 2020/0xxx/CVE-2020-0032.json create mode 100644 2020/0xxx/CVE-2020-0033.json create mode 100644 2020/0xxx/CVE-2020-0034.json create mode 100644 2020/0xxx/CVE-2020-0035.json create mode 100644 2020/0xxx/CVE-2020-0036.json create mode 100644 2020/0xxx/CVE-2020-0037.json create mode 100644 2020/0xxx/CVE-2020-0038.json create mode 100644 2020/0xxx/CVE-2020-0039.json create mode 100644 2020/0xxx/CVE-2020-0041.json create mode 100644 2020/0xxx/CVE-2020-0042.json create mode 100644 2020/0xxx/CVE-2020-0043.json create mode 100644 2020/0xxx/CVE-2020-0044.json create mode 100644 2020/0xxx/CVE-2020-0058.json create mode 100644 2020/0xxx/CVE-2020-0059.json create mode 100644 2020/0xxx/CVE-2020-0060.json create mode 100644 2020/0xxx/CVE-2020-0061.json create mode 100644 2020/0xxx/CVE-2020-0069.json create mode 100644 2020/0xxx/CVE-2020-0083.json create mode 100644 2020/10xxx/CVE-2020-10371.json diff --git a/2016/9xxx/CVE-2016-9158.json b/2016/9xxx/CVE-2016-9158.json index 4ca4830d27e..c617bc0d88d 100644 --- a/2016/9xxx/CVE-2016-9158.json +++ b/2016/9xxx/CVE-2016-9158.json @@ -123,8 +123,9 @@ "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" } ] } diff --git a/2016/9xxx/CVE-2016-9159.json b/2016/9xxx/CVE-2016-9159.json index a866897e8e3..e698d1cf781 100644 --- a/2016/9xxx/CVE-2016-9159.json +++ b/2016/9xxx/CVE-2016-9159.json @@ -143,8 +143,9 @@ "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf" } ] } diff --git a/2018/4xxx/CVE-2018-4832.json b/2018/4xxx/CVE-2018-4832.json index abf8e69f110..a17bba67601 100644 --- a/2018/4xxx/CVE-2018-4832.json +++ b/2018/4xxx/CVE-2018-4832.json @@ -306,7 +306,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could\ncause a Denial-of-Service condition on the remote and local communication functionality of the\naffected products. A reboot of the system is required to recover the remote and local \ncommunication functionality.\n\nPlease note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 1a1943b6f5b..bc386b63ad5 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -386,7 +386,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a\nDenial-of-Service condition by breaking the real-time synchronization (IRT)\nof the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected installation. No user interaction is\nrequired to exploit this security vulnerability. The vulnerability impacts\nthe availability of the affected installations.\n" + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC CP1604 (All versions < V2.8), SIMATIC CP1616 (All versions < V2.8), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." } ] }, diff --git a/2019/10xxx/CVE-2019-10929.json b/2019/10xxx/CVE-2019-10929.json index 9c8c50406f2..e2aa2a6724d 100644 --- a/2019/10xxx/CVE-2019-10929.json +++ b/2019/10xxx/CVE-2019-10929.json @@ -216,7 +216,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network\ntraffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC\nS7-1500 and SIMATIC SoftwareController CPU families, due to certain\nproperties in the calculation used for integrity protection. \n\nIn order to exploit the vulnerability, an attacker must be able to perform a\nMan-in-the-Middle attack. The vulnerability could impact the integrity of the\ncommunication. \n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n" + "value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication." } ] }, diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index 662b7501851..895f54504cb 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -576,7 +576,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200AL (incl. SIPLUS variants), SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0), SIMATIC ET200pro, SIMATIC ET200pro (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered \nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200AL (incl. SIPLUS variants), SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0), SIMATIC ET200pro, SIMATIC ET200pro (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/10xxx/CVE-2019-10943.json b/2019/10xxx/CVE-2019-10943.json index 3dab1244d58..7e07e29f638 100644 --- a/2019/10xxx/CVE-2019-10943.json +++ b/2019/10xxx/CVE-2019-10943.json @@ -126,7 +126,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the\nuser program on the PLC in a way that the running code is different from the\nsource code which is stored on the device.\n\nAn attacker must have network access to affected devices and must be able to\nperform changes to the user program. The vulnerability could impact the\nperceived integrity of the user program stored on the CPU. An engineer that\ntries to obtain the code of the user program running on the device, can\nreceive different source code that is not actually running on the device.\n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n" + "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication." } ] }, diff --git a/2019/13xxx/CVE-2019-13924.json b/2019/13xxx/CVE-2019-13924.json index 28231a798e1..491f2d7b930 100644 --- a/2019/13xxx/CVE-2019-13924.json +++ b/2019/13xxx/CVE-2019-13924.json @@ -66,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/13xxx/CVE-2019-13925.json b/2019/13xxx/CVE-2019-13925.json index af451eb282d..0e4db3fdb96 100644 --- a/2019/13xxx/CVE-2019-13925.json +++ b/2019/13xxx/CVE-2019-13925.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could \ncause a Denial-of-Service condition of the web server. \n" + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server." } ] }, diff --git a/2019/18xxx/CVE-2019-18290.json b/2019/18xxx/CVE-2019-18290.json index 799022c388d..cdc93cd687b 100644 --- a/2019/18xxx/CVE-2019-18290.json +++ b/2019/18xxx/CVE-2019-18290.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18291.json b/2019/18xxx/CVE-2019-18291.json index d70190eaf5f..23ceed86152 100644 --- a/2019/18xxx/CVE-2019-18291.json +++ b/2019/18xxx/CVE-2019-18291.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18292.json b/2019/18xxx/CVE-2019-18292.json index 00eac159f48..6e0b275790b 100644 --- a/2019/18xxx/CVE-2019-18292.json +++ b/2019/18xxx/CVE-2019-18292.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18293.json b/2019/18xxx/CVE-2019-18293.json index 3764c9e1803..8e50810867b 100644 --- a/2019/18xxx/CVE-2019-18293.json +++ b/2019/18xxx/CVE-2019-18293.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18294.json b/2019/18xxx/CVE-2019-18294.json index 1058fd3076e..9601dee50c4 100644 --- a/2019/18xxx/CVE-2019-18294.json +++ b/2019/18xxx/CVE-2019-18294.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18295.json b/2019/18xxx/CVE-2019-18295.json index a89adca7a6d..e302232459a 100644 --- a/2019/18xxx/CVE-2019-18295.json +++ b/2019/18xxx/CVE-2019-18295.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18296.json b/2019/18xxx/CVE-2019-18296.json index 821546c2473..7d123c58336 100644 --- a/2019/18xxx/CVE-2019-18296.json +++ b/2019/18xxx/CVE-2019-18296.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18297.json b/2019/18xxx/CVE-2019-18297.json index 9567b1d6e4a..a6d4e7fe662 100644 --- a/2019/18xxx/CVE-2019-18297.json +++ b/2019/18xxx/CVE-2019-18297.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain\nroot privileges\nby sending specifically crafted packets to a named pipe.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18298.json b/2019/18xxx/CVE-2019-18298.json index 975ad1f980f..c82777ccc48 100644 --- a/2019/18xxx/CVE-2019-18298.json +++ b/2019/18xxx/CVE-2019-18298.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18299.json b/2019/18xxx/CVE-2019-18299.json index 9be1e4b5e4b..4cdf1288c0a 100644 --- a/2019/18xxx/CVE-2019-18299.json +++ b/2019/18xxx/CVE-2019-18299.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18300.json b/2019/18xxx/CVE-2019-18300.json index 5758f4ca060..19f0c5da93b 100644 --- a/2019/18xxx/CVE-2019-18300.json +++ b/2019/18xxx/CVE-2019-18300.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18301.json b/2019/18xxx/CVE-2019-18301.json index db779bb3613..d9ebcca1176 100644 --- a/2019/18xxx/CVE-2019-18301.json +++ b/2019/18xxx/CVE-2019-18301.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18302.json b/2019/18xxx/CVE-2019-18302.json index 502933df977..6ed14eb95e3 100644 --- a/2019/18xxx/CVE-2019-18302.json +++ b/2019/18xxx/CVE-2019-18302.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18303.json b/2019/18xxx/CVE-2019-18303.json index b5ae68b29d4..fec587ad7ef 100644 --- a/2019/18xxx/CVE-2019-18303.json +++ b/2019/18xxx/CVE-2019-18303.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18304.json b/2019/18xxx/CVE-2019-18304.json index e073c76d1ba..8fa985c40fa 100644 --- a/2019/18xxx/CVE-2019-18304.json +++ b/2019/18xxx/CVE-2019-18304.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18305.json b/2019/18xxx/CVE-2019-18305.json index 175eddebb2b..e57e64ce333 100644 --- a/2019/18xxx/CVE-2019-18305.json +++ b/2019/18xxx/CVE-2019-18305.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18306.json b/2019/18xxx/CVE-2019-18306.json index ae2089d24c8..bd59eeabbce 100644 --- a/2019/18xxx/CVE-2019-18306.json +++ b/2019/18xxx/CVE-2019-18306.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18307.json b/2019/18xxx/CVE-2019-18307.json index 5acd2911cdf..5a8fbd72b61 100644 --- a/2019/18xxx/CVE-2019-18307.json +++ b/2019/18xxx/CVE-2019-18307.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18306.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18308.json b/2019/18xxx/CVE-2019-18308.json index 9523f6813c7..5bf75ec63c6 100644 --- a/2019/18xxx/CVE-2019-18308.json +++ b/2019/18xxx/CVE-2019-18308.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18309.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18309.json b/2019/18xxx/CVE-2019-18309.json index 41a9cd320b7..10e426827c9 100644 --- a/2019/18xxx/CVE-2019-18309.json +++ b/2019/18xxx/CVE-2019-18309.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18308.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18310.json b/2019/18xxx/CVE-2019-18310.json index a907840a052..68a61e8c255 100644 --- a/2019/18xxx/CVE-2019-18310.json +++ b/2019/18xxx/CVE-2019-18310.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18311.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18311.json b/2019/18xxx/CVE-2019-18311.json index 4e2adf2a1f9..1afef14a7bc 100644 --- a/2019/18xxx/CVE-2019-18311.json +++ b/2019/18xxx/CVE-2019-18311.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18310.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18312.json b/2019/18xxx/CVE-2019-18312.json index c35be71ca64..def22cf71c7 100644 --- a/2019/18xxx/CVE-2019-18312.json +++ b/2019/18xxx/CVE-2019-18312.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running\nRPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18313.json b/2019/18xxx/CVE-2019-18313.json index 8ef507ddd10..193178fb93f 100644 --- a/2019/18xxx/CVE-2019-18313.json +++ b/2019/18xxx/CVE-2019-18313.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code\nexecution\nby sending specifically crafted objects to one of the RPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18314.json b/2019/18xxx/CVE-2019-18314.json index a844a970374..54a4c4c83f7 100644 --- a/2019/18xxx/CVE-2019-18314.json +++ b/2019/18xxx/CVE-2019-18314.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted objects via RMI.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18315.json b/2019/18xxx/CVE-2019-18315.json index 5f95e82af27..3448a008c7f 100644 --- a/2019/18xxx/CVE-2019-18315.json +++ b/2019/18xxx/CVE-2019-18315.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 8888/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18316.json b/2019/18xxx/CVE-2019-18316.json index 1905b67a108..1506c052dee 100644 --- a/2019/18xxx/CVE-2019-18316.json +++ b/2019/18xxx/CVE-2019-18316.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18317.json b/2019/18xxx/CVE-2019-18317.json index 2e345cc9673..0621829cf6f 100644 --- a/2019/18xxx/CVE-2019-18317.json +++ b/2019/18xxx/CVE-2019-18317.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18318 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18318.json b/2019/18xxx/CVE-2019-18318.json index 803e86d0c86..bc0341195bc 100644 --- a/2019/18xxx/CVE-2019-18318.json +++ b/2019/18xxx/CVE-2019-18318.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18319.json b/2019/18xxx/CVE-2019-18319.json index 8b3d19d114c..b2a42317288 100644 --- a/2019/18xxx/CVE-2019-18319.json +++ b/2019/18xxx/CVE-2019-18319.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18318.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18320.json b/2019/18xxx/CVE-2019-18320.json index 46eb0e1c1e5..78aa6837092 100644 --- a/2019/18xxx/CVE-2019-18320.json +++ b/2019/18xxx/CVE-2019-18320.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload\narbitrary files without authentication.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18321.json b/2019/18xxx/CVE-2019-18321.json index d075abe4392..879fde040e5 100644 --- a/2019/18xxx/CVE-2019-18321.json +++ b/2019/18xxx/CVE-2019-18321.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18322.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18322.json b/2019/18xxx/CVE-2019-18322.json index ab7f95b9b2f..162e112254c 100644 --- a/2019/18xxx/CVE-2019-18322.json +++ b/2019/18xxx/CVE-2019-18322.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18321.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18323.json b/2019/18xxx/CVE-2019-18323.json index b70fec69f16..67a7027584c 100644 --- a/2019/18xxx/CVE-2019-18323.json +++ b/2019/18xxx/CVE-2019-18323.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18324.json b/2019/18xxx/CVE-2019-18324.json index bcf2c28d3a1..2955e45ca4b 100644 --- a/2019/18xxx/CVE-2019-18324.json +++ b/2019/18xxx/CVE-2019-18324.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18325.json b/2019/18xxx/CVE-2019-18325.json index 088c6009fae..6f99820d8ef 100644 --- a/2019/18xxx/CVE-2019-18325.json +++ b/2019/18xxx/CVE-2019-18325.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18326.json b/2019/18xxx/CVE-2019-18326.json index dcb44bf2794..59c9d245fde 100644 --- a/2019/18xxx/CVE-2019-18326.json +++ b/2019/18xxx/CVE-2019-18326.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18327.json b/2019/18xxx/CVE-2019-18327.json index 7560a7d60a5..7eb61dced31 100644 --- a/2019/18xxx/CVE-2019-18327.json +++ b/2019/18xxx/CVE-2019-18327.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18328.json b/2019/18xxx/CVE-2019-18328.json index c82ace5a53a..bc8ebcf7e42 100644 --- a/2019/18xxx/CVE-2019-18328.json +++ b/2019/18xxx/CVE-2019-18328.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18329.json b/2019/18xxx/CVE-2019-18329.json index 60cf9ae6241..310d78c8580 100644 --- a/2019/18xxx/CVE-2019-18329.json +++ b/2019/18xxx/CVE-2019-18329.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18330.json b/2019/18xxx/CVE-2019-18330.json index f50165d4465..e9a71b13be7 100644 --- a/2019/18xxx/CVE-2019-18330.json +++ b/2019/18xxx/CVE-2019-18330.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18331.json b/2019/18xxx/CVE-2019-18331.json index 24fb5ff05c6..eadfc421d34 100644 --- a/2019/18xxx/CVE-2019-18331.json +++ b/2019/18xxx/CVE-2019-18331.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto path and filenames on the server\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18332.json b/2019/18xxx/CVE-2019-18332.json index 4d51bb6a516..699e13562cb 100644 --- a/2019/18xxx/CVE-2019-18332.json +++ b/2019/18xxx/CVE-2019-18332.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto directory listings of the server\nby sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18333.json b/2019/18xxx/CVE-2019-18333.json index 34f605771c2..0dac7cd2ca8 100644 --- a/2019/18xxx/CVE-2019-18333.json +++ b/2019/18xxx/CVE-2019-18333.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access\nto filenames on the server\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18334.json b/2019/18xxx/CVE-2019-18334.json index 842ad55e3cb..8d7e249e6d6 100644 --- a/2019/18xxx/CVE-2019-18334.json +++ b/2019/18xxx/CVE-2019-18334.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18335.json b/2019/18xxx/CVE-2019-18335.json index 81814ea7c6c..3c7f9b8bf55 100644 --- a/2019/18xxx/CVE-2019-18335.json +++ b/2019/18xxx/CVE-2019-18335.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access\nto logs and configuration files\nby sending specifically crafted packets to 80/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18336.json b/2019/18xxx/CVE-2019-18336.json index d35cdc3ac5d..a49af27c20d 100644 --- a/2019/18xxx/CVE-2019-18336.json +++ b/2019/18xxx/CVE-2019-18336.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SINUMERIK 840D sl (All versions). Specially crafted packets sent to port 102/tcp (Profinet) could cause \nthe affected device to go into defect mode. A restart is required in\norder to recover the system.\n\nSuccessful exploitation requires an attacker to have network access to\nport 102/tcp, with no authentication. No user interation is required.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SINUMERIK 840D sl (All versions). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19277.json b/2019/19xxx/CVE-2019-19277.json index 509294d3b61..3e8c67ae70f 100644 --- a/2019/19xxx/CVE-2019-19277.json +++ b/2019/19xxx/CVE-2019-19277.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts\n(\"service users\") with administrative privileges that could enable a remote \nauthenticated attacker to perform actions that are not visible to other users\nof the system, such as granting persons access to a secured area.\n" + "value": "A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts (\"service users\") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19279.json b/2019/19xxx/CVE-2019-19279.json index 6dc5c3723db..982185ccf1e 100644 --- a/2019/19xxx/CVE-2019-19279.json +++ b/2019/19xxx/CVE-2019-19279.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device.\nAt the time of advisory publication no public exploitation of this security vulnerability was known to Siemens." + "value": "A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19281.json b/2019/19xxx/CVE-2019-19281.json index 351fa99e390..b06e6d1ac1a 100644 --- a/2019/19xxx/CVE-2019-19281.json +++ b/2019/19xxx/CVE-2019-19281.json @@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a Denial-of-Service condition. The vulnerability can be triggered \nif specially crafted UDP packets are sent to the device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the device availability.\n" + "value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19282.json b/2019/19xxx/CVE-2019-19282.json index 1e32bd4646b..ae8b67639c5 100644 --- a/2019/19xxx/CVE-2019-19282.json +++ b/2019/19xxx/CVE-2019-19282.json @@ -236,15 +236,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.\n" + "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19290.json b/2019/19xxx/CVE-2019-19290.json index c381022286c..10e6f38dfe6 100644 --- a/2019/19xxx/CVE-2019-19290.json +++ b/2019/19xxx/CVE-2019-19290.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control\nServer (CCS) contains a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server where CCS is installed.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19291.json b/2019/19xxx/CVE-2019-19291.json index eaedd89d4c7..d492dce47eb 100644 --- a/2019/19xxx/CVE-2019-19291.json +++ b/2019/19xxx/CVE-2019-19291.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a\nlog file that stores login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19292.json b/2019/19xxx/CVE-2019-19292.json index a72eb4dac2b..b184b7d87e9 100644 --- a/2019/19xxx/CVE-2019-19292.json +++ b/2019/19xxx/CVE-2019-19292.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nread or modify the CCS database and potentially execute administrative\ndatabase operations or operating system commands.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19293.json b/2019/19xxx/CVE-2019-19293.json index 35222246dcb..6f79c2c57a7 100644 --- a/2019/19xxx/CVE-2019-19293.json +++ b/2019/19xxx/CVE-2019-19293.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19294.json b/2019/19xxx/CVE-2019-19294.json index 5ca6aaf4a03..6bd79fec310 100644 --- a/2019/19xxx/CVE-2019-19294.json +++ b/2019/19xxx/CVE-2019-19294.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19295.json b/2019/19xxx/CVE-2019-19295.json index 1accad48fea..351b51274ce 100644 --- a/2019/19xxx/CVE-2019-19295.json +++ b/2019/19xxx/CVE-2019-19295.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of\nsecurity-relevant activities in its XML-based communication protocol\nas provided by default on ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nperform covert actions that are not visible in the application log.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19296.json b/2019/19xxx/CVE-2019-19296.json index e5dcf2c6fac..61342a5ac8e 100644 --- a/2019/19xxx/CVE-2019-19296.json +++ b/2019/19xxx/CVE-2019-19296.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server, if the FTP services are enabled.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19297.json b/2019/19xxx/CVE-2019-19297.json index f7f799dde40..519299e7c96 100644 --- a/2019/19xxx/CVE-2019-19297.json +++ b/2019/19xxx/CVE-2019-19297.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19298.json b/2019/19xxx/CVE-2019-19298.json index 3f74be02d5c..f15378e1688 100644 --- a/2019/19xxx/CVE-2019-19298.json +++ b/2019/19xxx/CVE-2019-19298.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requeats.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requeats." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/19xxx/CVE-2019-19299.json b/2019/19xxx/CVE-2019-19299.json index 5dffc9bc123..bd0d9498e90 100644 --- a/2019/19xxx/CVE-2019-19299.json +++ b/2019/19xxx/CVE-2019-19299.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n" + "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] } diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index 65664c6a1d3..63730572e06 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json @@ -866,7 +866,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 (incl. SIPLUS NET variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), RFID 181EIP, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 (incl. SIPLUS NET variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/6xxx/CVE-2019-6575.json b/2019/6xxx/CVE-2019-6575.json index c3ab53d027d..c55331e4436 100644 --- a/2019/6xxx/CVE-2019-6575.json +++ b/2019/6xxx/CVE-2019-6575.json @@ -236,7 +236,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a Denial-of-Service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/6xxx/CVE-2019-6585.json b/2019/6xxx/CVE-2019-6585.json index f30a4e3190f..2114b0378bb 100644 --- a/2019/6xxx/CVE-2019-6585.json +++ b/2019/6xxx/CVE-2019-6585.json @@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must \nbe logged into the web interface in order for the exploitation to succeed.\nAt the stage of publishing this security advisory no public exploitation is known.\nThe vendor has confirmed the vulnerability and provides mitigations to resolve it.\n" + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" } ] } diff --git a/2019/7xxx/CVE-2019-7589.json b/2019/7xxx/CVE-2019-7589.json index 87b9f9a9cd3..d963e51b5c0 100644 --- a/2019/7xxx/CVE-2019-7589.json +++ b/2019/7xxx/CVE-2019-7589.json @@ -1,9 +1,49 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "productsecurity@jci.com", "ID": "CVE-2019-7589", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Kantech EntraPass Improper Input Validation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Johnson Controls", + "product": { + "product_data": [ + { + "product_name": "Kantech EntraPass Corporate Edition", + "version": { + "version_data": [ + { + "version_value": "versions 8.0 and prior" + } + ] + } + }, + { + "product_name": "Kantech EntraPass Global Edition", + "version": { + "version_data": [ + { + "version_value": "versions 8.0 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Joachim Kerschbaumer" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +51,62 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 - Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "refsource": "CONFIRM", + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories" + }, + { + "name": "ICS-CERT Advisory", + "refsource": "CERT", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-04" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade impacted Kantech EntraPass Global and Corporate edition software to version 8.10." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0010.json b/2020/0xxx/CVE-2020-0010.json new file mode 100644 index 00000000000..203cebd3446 --- /dev/null +++ b/2020/0xxx/CVE-2020-0010.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0010", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0011.json b/2020/0xxx/CVE-2020-0011.json new file mode 100644 index 00000000000..f35c1de7742 --- /dev/null +++ b/2020/0xxx/CVE-2020-0011.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0011", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648045References: N/A" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0012.json b/2020/0xxx/CVE-2020-0012.json new file mode 100644 index 00000000000..a3a0d363f55 --- /dev/null +++ b/2020/0xxx/CVE-2020-0012.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0012", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137648844" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0029.json b/2020/0xxx/CVE-2020-0029.json new file mode 100644 index 00000000000..3c6ee5d5852 --- /dev/null +++ b/2020/0xxx/CVE-2020-0029.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0029", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0031.json b/2020/0xxx/CVE-2020-0031.json new file mode 100644 index 00000000000..f7d538f0867 --- /dev/null +++ b/2020/0xxx/CVE-2020-0031.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0031", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0032.json b/2020/0xxx/CVE-2020-0032.json new file mode 100644 index 00000000000..05ab06845f9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0032.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0032", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-145364230" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0033.json b/2020/0xxx/CVE-2020-0033.json new file mode 100644 index 00000000000..b5235ba49d0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0033.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0033", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144351324" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0034.json b/2020/0xxx/CVE-2020-0034.json new file mode 100644 index 00000000000..c9d3560e0cf --- /dev/null +++ b/2020/0xxx/CVE-2020-0034.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0034", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0035.json b/2020/0xxx/CVE-2020-0035.json new file mode 100644 index 00000000000..2d93956f411 --- /dev/null +++ b/2020/0xxx/CVE-2020-0035.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0035", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0036.json b/2020/0xxx/CVE-2020-0036.json new file mode 100644 index 00000000000..454250f3c24 --- /dev/null +++ b/2020/0xxx/CVE-2020-0036.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0036", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144679405" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0037.json b/2020/0xxx/CVE-2020-0037.json new file mode 100644 index 00000000000..8c4f60c6d2f --- /dev/null +++ b/2020/0xxx/CVE-2020-0037.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0037", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143106535" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0038.json b/2020/0xxx/CVE-2020-0038.json new file mode 100644 index 00000000000..7ceaa59e260 --- /dev/null +++ b/2020/0xxx/CVE-2020-0038.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0038", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143109193" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0039.json b/2020/0xxx/CVE-2020-0039.json new file mode 100644 index 00000000000..84bbc7f0316 --- /dev/null +++ b/2020/0xxx/CVE-2020-0039.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0039", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143155861" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0041.json b/2020/0xxx/CVE-2020-0041.json new file mode 100644 index 00000000000..3f56e775780 --- /dev/null +++ b/2020/0xxx/CVE-2020-0041.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0041", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0042.json b/2020/0xxx/CVE-2020-0042.json new file mode 100644 index 00000000000..136261698b5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0042.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0042", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137649599" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0043.json b/2020/0xxx/CVE-2020-0043.json new file mode 100644 index 00000000000..3a839733caf --- /dev/null +++ b/2020/0xxx/CVE-2020-0043.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0043", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650218" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0044.json b/2020/0xxx/CVE-2020-0044.json new file mode 100644 index 00000000000..84be83632f2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0044.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0044", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0058.json b/2020/0xxx/CVE-2020-0058.json new file mode 100644 index 00000000000..6100c24aac7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0058.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0058", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141745011" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0059.json b/2020/0xxx/CVE-2020-0059.json new file mode 100644 index 00000000000..e1a4a5c7fd8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0059.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0059", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0060.json b/2020/0xxx/CVE-2020-0060.json new file mode 100644 index 00000000000..c7557c9da8a --- /dev/null +++ b/2020/0xxx/CVE-2020-0060.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0060", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0061.json b/2020/0xxx/CVE-2020-0061.json new file mode 100644 index 00000000000..bab783daaac --- /dev/null +++ b/2020/0xxx/CVE-2020-0061.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0061", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0069.json b/2020/0xxx/CVE-2020-0069.json new file mode 100644 index 00000000000..611933cd51c --- /dev/null +++ b/2020/0xxx/CVE-2020-0069.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0069", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2020-03-01", + "url": "https://source.android.com/security/bulletin/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0083.json b/2020/0xxx/CVE-2020-0083.json new file mode 100644 index 00000000000..c07d634396e --- /dev/null +++ b/2020/0xxx/CVE-2020-0083.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0083", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142797954" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10371.json b/2020/10xxx/CVE-2020-10371.json new file mode 100644 index 00000000000..1b7eaff5cfc --- /dev/null +++ b/2020/10xxx/CVE-2020-10371.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10371", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7579.json b/2020/7xxx/CVE-2020-7579.json index 67acf3946f9..b8e0e2945a0 100644 --- a/2020/7xxx/CVE-2020-7579.json +++ b/2020/7xxx/CVE-2020-7579.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Spectrum Power\u2122 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting\n(XSS) attacks if unsuspecting users are tricked into accessing a malicious link.\n\nUser interaction is required for a successful exploitation. \n\nIf deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).\n" + "value": "A vulnerability has been identified in Spectrum Power\u2122 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1)." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf" } ] } diff --git a/2020/9xxx/CVE-2020-9044.json b/2020/9xxx/CVE-2020-9044.json index 50d246bcd5a..f8e33a2376f 100644 --- a/2020/9xxx/CVE-2020-9044.json +++ b/2020/9xxx/CVE-2020-9044.json @@ -1,18 +1,216 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "productsecurity@jci.com", "ID": "CVE-2020-9044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Metasys Improper Restriction of XML External Entity Reference" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Johnson Controls", + "product": { + "product_data": [ + { + "product_name": "Metasys Application and Data Server (ADS, ADS-Lite)", + "version": { + "version_data": [ + { + "version_value": "versions 10.1 and prior" + } + ] + } + }, + { + "product_name": "Metasys Extended Application and Data Server (ADX)", + "version": { + "version_data": [ + { + "version_value": "versions 10.1 and prior" + } + ] + } + }, + { + "product_name": "Metasys Open Data Server (ODS)", + "version": { + "version_data": [ + { + "version_value": "versions 10.1 and prior" + } + ] + } + }, + { + "product_name": "Metasys Open Application Server (OAS)", + "version": { + "version_data": [ + { + "version_value": "version 10.1" + } + ] + } + }, + { + "product_name": "Metasys Network Automation Engine (NAE55 only)", + "version": { + "version_data": [ + { + "version_value": "versions 9.0.1" + }, + { + "version_value": "9.0.2" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.5" + }, + { + "version_value": "9.0.6" + } + ] + } + }, + { + "product_name": "Metasys Network Integration Engine (NIE55/NIE59)", + "version": { + "version_data": [ + { + "version_value": "versions 9.0.1" + }, + { + "version_value": "9.0.2" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.5" + }, + { + "version_value": "9.0.6" + } + ] + } + }, + { + "product_name": "Metasys NAE85 and NIE85", + "version": { + "version_data": [ + { + "version_value": "versions 10.1 and prior" + } + ] + } + }, + { + "product_name": "Metasys LonWorks Control Server (LCS)", + "version": { + "version_data": [ + { + "version_value": "versions 10.1 and prior" + } + ] + } + }, + { + "product_name": "Metasys System Configuration Tool (SCT)", + "version": { + "version_data": [ + { + "version_value": "versions 13.2 and prior" + } + ] + } + }, + { + "product_name": "Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed)", + "version": { + "version_data": [ + { + "version_value": "version 8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lukasz Rupala" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 - Information Leak Through XML External Entity File Disclosure " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", + "refsource": "CONFIRM", + "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories" + }, + { + "name": "ICS-CERT Advisory", + "refsource": "CERT", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-05" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Johnson Controls has developed a patch to address this issue. Customers should contact their local branch office for remediation. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file From 81f174bf623adecd75e8e235aeb0f3b0bf99d3a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 20:01:47 +0000 Subject: [PATCH 022/144] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13926.json | 2 +- 2019/13xxx/CVE-2019-13940.json | 2 +- 2019/13xxx/CVE-2019-13941.json | 2 +- 2019/13xxx/CVE-2019-13946.json | 2 +- 2019/18xxx/CVE-2019-18283.json | 2 +- 2019/18xxx/CVE-2019-18284.json | 2 +- 2019/18xxx/CVE-2019-18285.json | 2 +- 2019/18xxx/CVE-2019-18286.json | 2 +- 2019/18xxx/CVE-2019-18287.json | 2 +- 2019/18xxx/CVE-2019-18288.json | 2 +- 2019/18xxx/CVE-2019-18289.json | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/2019/13xxx/CVE-2019-13926.json b/2019/13xxx/CVE-2019-13926.json index 552545495d4..d3bffdc1ccf 100644 --- a/2019/13xxx/CVE-2019-13926.json +++ b/2019/13xxx/CVE-2019-13926.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could \ncause a Denial-of-Service condition of the web server. A cold reboot is \nrequired to restore the functionality of the device.\n" + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device." } ] }, diff --git a/2019/13xxx/CVE-2019-13940.json b/2019/13xxx/CVE-2019-13940.json index 8991c796eb9..1cc70ddfd32 100644 --- a/2019/13xxx/CVE-2019-13940.json +++ b/2019/13xxx/CVE-2019-13940.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server\nby sending specially crafted HTTP requests to ports 80/tcp and 443/tcp.\n\nThe security vulnerability could be exploited by an attacker with network access to an affected device.\nSuccessful exploitation requires no system privileges and no user interaction. An attacker could use\nthe vulnerability to compromise the availability of the device\u2019s web server.\nBeyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition.\n" + "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 PN/DP CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions). Affected devices contain a vulnerability that could cause a Denial-of-Service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u2019s web server. Beyond the web service, no other functions or interfaces are affected by the Denial-of-Service condition." } ] }, diff --git a/2019/13xxx/CVE-2019-13941.json b/2019/13xxx/CVE-2019-13941.json index f9a43c1834b..1bb4e87d928 100644 --- a/2019/13xxx/CVE-2019-13941.json +++ b/2019/13xxx/CVE-2019-13941.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for\nproject files that legitimately authenticated users have created by\nusing the application's export function.\nBy accessing a specific uniform resource locator on the web server,\na remote attacker could be able to download a project file without prior\nauthentication.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected system.\nNo user interaction is required to exploit this security vulnerability.\nSuccessful exploitation of the security vulnerability compromises the\nconfidentiality of the targeted system.\n" + "value": "A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system." } ] }, diff --git a/2019/13xxx/CVE-2019-13946.json b/2019/13xxx/CVE-2019-13946.json index 513618b593b..3ef58842ee6 100644 --- a/2019/13xxx/CVE-2019-13946.json +++ b/2019/13xxx/CVE-2019-13946.json @@ -446,7 +446,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device.\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device." } ] }, diff --git a/2019/18xxx/CVE-2019-18283.json b/2019/18xxx/CVE-2019-18283.json index 7ed0bdfa672..09277d7a1c6 100644 --- a/2019/18xxx/CVE-2019-18283.json +++ b/2019/18xxx/CVE-2019-18283.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An\nattacker can gain remote code execution by sending specifically crafted\nobjects to one of its functions.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18284.json b/2019/18xxx/CVE-2019-18284.json index af43fd1f0ca..179a48b55b5 100644 --- a/2019/18xxx/CVE-2019-18284.json +++ b/2019/18xxx/CVE-2019-18284.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An\nattacker can use methods exposed via this interface to receive password hashes\nof other users and to change user passwords.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18285.json b/2019/18xxx/CVE-2019-18285.json index 014453ceca5..846c3d8a28b 100644 --- a/2019/18xxx/CVE-2019-18285.json +++ b/2019/18xxx/CVE-2019-18285.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is\nunencrypted. An attacker with access to the communication channel can\nread credentials of a valid user.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18286.json b/2019/18xxx/CVE-2019-18286.json index 147186aebca..1bbd716b404 100644 --- a/2019/18xxx/CVE-2019-18286.json +++ b/2019/18xxx/CVE-2019-18286.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18287.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18287.json b/2019/18xxx/CVE-2019-18287.json index d19fe6a5fa4..55bd02e4d7b 100644 --- a/2019/18xxx/CVE-2019-18287.json +++ b/2019/18xxx/CVE-2019-18287.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18286.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18288.json b/2019/18xxx/CVE-2019-18288.json index b3dca80a651..60be6141ab8 100644 --- a/2019/18xxx/CVE-2019-18288.json +++ b/2019/18xxx/CVE-2019-18288.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to\ngain remote code execution through an unsecured file upload.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/18xxx/CVE-2019-18289.json b/2019/18xxx/CVE-2019-18289.json index 3fe19bea497..7987761f9ee 100644 --- a/2019/18xxx/CVE-2019-18289.json +++ b/2019/18xxx/CVE-2019-18289.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n" + "value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, From 84dbfc2af6088976b8b15113bb5b3fbbc0158660 Mon Sep 17 00:00:00 2001 From: Hasnain Lakhani Date: Tue, 10 Mar 2020 13:27:13 -0700 Subject: [PATCH 023/144] Publish CVE-2019-3553 and CVE-2019-11938 --- 2019/11xxx/CVE-2019-11938.json | 72 +++++++++++++++++++++++++++++++--- 2019/3xxx/CVE-2019-3553.json | 66 +++++++++++++++++++++++++++++-- 2 files changed, 129 insertions(+), 9 deletions(-) diff --git a/2019/11xxx/CVE-2019-11938.json b/2019/11xxx/CVE-2019-11938.json index 288d935a16f..0398da0e143 100644 --- a/2019/11xxx/CVE-2019-11938.json +++ b/2019/11xxx/CVE-2019-11938.json @@ -1,17 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-02-14", "ID": "CVE-2019-11938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Facebook Thrift", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_value": "v2019.12.09.00" + }, + { + "version_affected": "<", + "version_value": "v2019.12.09.00" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030", + "refsource": "MISC", + "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030" + }, + { + "name": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3", + "refsource": "MISC", + "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3" + }, + { + "name": "https://www.facebook.com/security/advisories/cve-2019-11938", + "refsource": "CONFIRM", + "url": "https://www.facebook.com/security/advisories/cve-2019-11938" } ] } diff --git a/2019/3xxx/CVE-2019-3553.json b/2019/3xxx/CVE-2019-3553.json index caff7ef7649..0d36004a8d5 100644 --- a/2019/3xxx/CVE-2019-3553.json +++ b/2019/3xxx/CVE-2019-3553.json @@ -1,8 +1,37 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-02-14", "ID": "CVE-2019-3553", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Facebook Thrift", + "version": { + "version_data": [ + { + "version_affected": "!>=", + "version_value": "v2020.02.03.00" + }, + { + "version_affected": "<", + "version_value": "v2020.02.03.00" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +40,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351", + "refsource": "MISC", + "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351" + }, + { + "name": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6", + "refsource": "MISC", + "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6" + }, + { + "name": "https://www.facebook.com/security/advisories/cve-2019-3553", + "refsource": "CONFIRM", + "url": "https://www.facebook.com/security/advisories/cve-2019-3553" } ] } From a0cf9db70ff3dd30cdc30ae12204753747b28dc7 Mon Sep 17 00:00:00 2001 From: "Milind Kulkarni (PSIRT)" Date: Tue, 10 Mar 2020 15:38:12 -0500 Subject: [PATCH 024/144] Update CVE-2020-5958.json NVIDA CVE-2020-5958 --- 2020/5xxx/CVE-2020-5958.json | 76 ++++++++++++++++++++++++++++-------- 1 file changed, 59 insertions(+), 17 deletions(-) diff --git a/2020/5xxx/CVE-2020-5958.json b/2020/5xxx/CVE-2020-5958.json index 1974d5fc37b..e1ca51be822 100644 --- a/2020/5xxx/CVE-2020-5958.json +++ b/2020/5xxx/CVE-2020-5958.json @@ -1,18 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "psirt@nvidia.com", + "ID" : "CVE-2020-5958", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA GPU Display Driver", + "version" : { + "version_data" : [ + { + "version_value" : "ALL" + } + ] + } + } + ] + }, + "vendor_name" : "NVIDIA" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "code execution, denial of service or escalation of privileges." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} From 35f603ec4fc3420839302c431ab32e25697e4037 Mon Sep 17 00:00:00 2001 From: "Milind Kulkarni (PSIRT)" Date: Tue, 10 Mar 2020 16:00:47 -0500 Subject: [PATCH 025/144] CVE-2020-5958 NV CVE-2020-5958 submission --- 2020/5xxx/CVE-2020-5958.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2020/5xxx/CVE-2020-5958.json b/2020/5xxx/CVE-2020-5958.json index e1ca51be822..f116487dde6 100644 --- a/2020/5xxx/CVE-2020-5958.json +++ b/2020/5xxx/CVE-2020-5958.json @@ -11,7 +11,7 @@ "product" : { "product_data" : [ { - "product_name" : "NVIDIA GPU Display Driver", + "product_name" : "NVIDIA GPU Display Driver ", "version" : { "version_data" : [ { From f92893a372001a115ffe4fe063f58c567be21e5e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 21:01:23 +0000 Subject: [PATCH 026/144] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0045.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0046.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0047.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0048.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0062.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0063.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0066.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0084.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0087.json | 62 ++++++++++++++++++++++++++++++++++++ 9 files changed, 558 insertions(+) create mode 100644 2020/0xxx/CVE-2020-0045.json create mode 100644 2020/0xxx/CVE-2020-0046.json create mode 100644 2020/0xxx/CVE-2020-0047.json create mode 100644 2020/0xxx/CVE-2020-0048.json create mode 100644 2020/0xxx/CVE-2020-0062.json create mode 100644 2020/0xxx/CVE-2020-0063.json create mode 100644 2020/0xxx/CVE-2020-0066.json create mode 100644 2020/0xxx/CVE-2020-0084.json create mode 100644 2020/0xxx/CVE-2020-0087.json diff --git a/2020/0xxx/CVE-2020-0045.json b/2020/0xxx/CVE-2020-0045.json new file mode 100644 index 00000000000..9d97e73e89e --- /dev/null +++ b/2020/0xxx/CVE-2020-0045.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0045", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141243101" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0046.json b/2020/0xxx/CVE-2020-0046.json new file mode 100644 index 00000000000..2483df44bf3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0046.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0046", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137284652" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0047.json b/2020/0xxx/CVE-2020-0047.json new file mode 100644 index 00000000000..bc4e0ae1029 --- /dev/null +++ b/2020/0xxx/CVE-2020-0047.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0047", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0048.json b/2020/0xxx/CVE-2020-0048.json new file mode 100644 index 00000000000..a1ddbcdaeac --- /dev/null +++ b/2020/0xxx/CVE-2020-0048.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0048", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139417189" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0062.json b/2020/0xxx/CVE-2020-0062.json new file mode 100644 index 00000000000..4f6f0ce00a8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0062.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0062", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0063.json b/2020/0xxx/CVE-2020-0063.json new file mode 100644 index 00000000000..e6ff7ed183d --- /dev/null +++ b/2020/0xxx/CVE-2020-0063.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0063", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0066.json b/2020/0xxx/CVE-2020-0066.json new file mode 100644 index 00000000000..11f57ff803a --- /dev/null +++ b/2020/0xxx/CVE-2020-0066.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0066", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0084.json b/2020/0xxx/CVE-2020-0084.json new file mode 100644 index 00000000000..55b0eba5906 --- /dev/null +++ b/2020/0xxx/CVE-2020-0084.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0084", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0087.json b/2020/0xxx/CVE-2020-0087.json new file mode 100644 index 00000000000..b5611cf7e98 --- /dev/null +++ b/2020/0xxx/CVE-2020-0087.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0087", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044" + } + ] + } +} \ No newline at end of file From 7687310e409f0a170aee7c8682f2625e27c7bcc4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 21:01:47 +0000 Subject: [PATCH 027/144] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0049.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0050.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0051.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0052.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0053.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0054.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0055.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0056.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0057.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0085.json | 62 +++++++++++++++++ 2020/10xxx/CVE-2020-10372.json | 62 +++++++++++++++++ 2020/10xxx/CVE-2020-10373.json | 18 +++++ 2020/10xxx/CVE-2020-10374.json | 18 +++++ 2020/6xxx/CVE-2020-6178.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6196.json | 62 ++++++++++++++++- 2020/6xxx/CVE-2020-6197.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6198.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6199.json | 105 ++++++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6200.json | 75 ++++++++++++++++++++- 2020/6xxx/CVE-2020-6201.json | 79 +++++++++++++++++++++- 2020/6xxx/CVE-2020-6202.json | 87 +++++++++++++++++++++++- 2020/6xxx/CVE-2020-6203.json | 87 +++++++++++++++++++++++- 2020/6xxx/CVE-2020-6204.json | 118 ++++++++++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6205.json | 111 ++++++++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6206.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6207.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6208.json | 67 ++++++++++++++++++- 2020/6xxx/CVE-2020-6209.json | 63 +++++++++++++++++- 2020/6xxx/CVE-2020-6210.json | 67 ++++++++++++++++++- 29 files changed, 1906 insertions(+), 48 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0049.json create mode 100644 2020/0xxx/CVE-2020-0050.json create mode 100644 2020/0xxx/CVE-2020-0051.json create mode 100644 2020/0xxx/CVE-2020-0052.json create mode 100644 2020/0xxx/CVE-2020-0053.json create mode 100644 2020/0xxx/CVE-2020-0054.json create mode 100644 2020/0xxx/CVE-2020-0055.json create mode 100644 2020/0xxx/CVE-2020-0056.json create mode 100644 2020/0xxx/CVE-2020-0057.json create mode 100644 2020/0xxx/CVE-2020-0085.json create mode 100644 2020/10xxx/CVE-2020-10372.json create mode 100644 2020/10xxx/CVE-2020-10373.json create mode 100644 2020/10xxx/CVE-2020-10374.json diff --git a/2020/0xxx/CVE-2020-0049.json b/2020/0xxx/CVE-2020-0049.json new file mode 100644 index 00000000000..6e1641119df --- /dev/null +++ b/2020/0xxx/CVE-2020-0049.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0049", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140177694" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0050.json b/2020/0xxx/CVE-2020-0050.json new file mode 100644 index 00000000000..fce132ad978 --- /dev/null +++ b/2020/0xxx/CVE-2020-0050.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0050", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124521372" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0051.json b/2020/0xxx/CVE-2020-0051.json new file mode 100644 index 00000000000..e0711eb980b --- /dev/null +++ b/2020/0xxx/CVE-2020-0051.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0051", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138442483" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0052.json b/2020/0xxx/CVE-2020-0052.json new file mode 100644 index 00000000000..8f61587a302 --- /dev/null +++ b/2020/0xxx/CVE-2020-0052.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0052", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137102479" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0053.json b/2020/0xxx/CVE-2020-0053.json new file mode 100644 index 00000000000..6ab2c69f353 --- /dev/null +++ b/2020/0xxx/CVE-2020-0053.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0053", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143789898" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0054.json b/2020/0xxx/CVE-2020-0054.json new file mode 100644 index 00000000000..62f78da817c --- /dev/null +++ b/2020/0xxx/CVE-2020-0054.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0054", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146642727" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0055.json b/2020/0xxx/CVE-2020-0055.json new file mode 100644 index 00000000000..cc39589706f --- /dev/null +++ b/2020/0xxx/CVE-2020-0055.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0055", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0056.json b/2020/0xxx/CVE-2020-0056.json new file mode 100644 index 00000000000..0aba914bdfd --- /dev/null +++ b/2020/0xxx/CVE-2020-0056.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0056", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141619686" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0057.json b/2020/0xxx/CVE-2020-0057.json new file mode 100644 index 00000000000..27b42ea256e --- /dev/null +++ b/2020/0xxx/CVE-2020-0057.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0057", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141620271" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0085.json b/2020/0xxx/CVE-2020-0085.json new file mode 100644 index 00000000000..f2f09e8c9c6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0085.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0085", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134487438" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10372.json b/2020/10xxx/CVE-2020-10372.json new file mode 100644 index 00000000000..75c400f7361 --- /dev/null +++ b/2020/10xxx/CVE-2020-10372.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://labs.f-secure.com/advisories/ramp-altimeter-stored-xss/", + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/ramp-altimeter-stored-xss/" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10373.json b/2020/10xxx/CVE-2020-10373.json new file mode 100644 index 00000000000..107331f2c18 --- /dev/null +++ b/2020/10xxx/CVE-2020-10373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10374.json b/2020/10xxx/CVE-2020-10374.json new file mode 100644 index 00000000000..3f43e1a4b65 --- /dev/null +++ b/2020/10xxx/CVE-2020-10374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6178.json b/2020/6xxx/CVE-2020-6178.json index 45898572482..b9b556b2a10 100644 --- a/2020/6xxx/CVE-2020-6178.json +++ b/2020/6xxx/CVE-2020-6178.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6178", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Enable Now", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "before version 1911" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2880664", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2880664" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" } ] } diff --git a/2020/6xxx/CVE-2020-6196.json b/2020/6xxx/CVE-2020-6196.json index e22e5ee2a59..90c8873653f 100644 --- a/2020/6xxx/CVE-2020-6196.json +++ b/2020/6xxx/CVE-2020-6196.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Mobile (MobileBIService)", + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2826782", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2826782" + }, + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" } ] } diff --git a/2020/6xxx/CVE-2020-6197.json b/2020/6xxx/CVE-2020-6197.json index 9f613b07200..811229ac5cc 100644 --- a/2020/6xxx/CVE-2020-6197.json +++ b/2020/6xxx/CVE-2020-6197.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Enable Now", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "before version 1908" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "3.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2845363", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2845363" } ] } diff --git a/2020/6xxx/CVE-2020-6198.json b/2020/6xxx/CVE-2020-6198.json index a2ebe1f118e..87b4da9de4c 100644 --- a/2020/6xxx/CVE-2020-6198.json +++ b/2020/6xxx/CVE-2020-6198.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6198", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Solution Manager (Diagnostics Agent)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.2" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authentication Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2845377", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2845377" } ] } diff --git a/2020/6xxx/CVE-2020-6199.json b/2020/6xxx/CVE-2020-6199.json index d126d6493e2..a496ec2e4c2 100644 --- a/2020/6xxx/CVE-2020-6199.json +++ b/2020/6xxx/CVE-2020-6199.json @@ -4,14 +4,113 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP ERP (EAPPGLO)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "607" + } + ] + } + }, + { + "product_name": "SAP ERP (SAP_FIN)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "618" + }, + { + "version_name": "<", + "version_value": "730" + } + ] + } + }, + { + "product_name": "SAP S/4HANA (S4CORE)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "100" + }, + { + "version_name": "<", + "version_value": "101" + }, + { + "version_name": "<", + "version_value": "102" + }, + { + "version_name": "<", + "version_value": "103" + }, + { + "version_name": "<", + "version_value": "104" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2871167", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2871167" } ] } diff --git a/2020/6xxx/CVE-2020-6200.json b/2020/6xxx/CVE-2020-6200.json index cd528e26ae3..736f0816ee4 100644 --- a/2020/6xxx/CVE-2020-6200.json +++ b/2020/6xxx/CVE-2020-6200.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce Cloud (SmartEdit Extension)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.6" + }, + { + "version_name": "<", + "version_value": "6.7" + }, + { + "version_name": "<", + "version_value": "1808" + }, + { + "version_name": "<", + "version_value": "1811" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site-Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2876413", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2876413" } ] } diff --git a/2020/6xxx/CVE-2020-6201.json b/2020/6xxx/CVE-2020-6201.json index 4d8cfe98b63..f7e35b1861b 100644 --- a/2020/6xxx/CVE-2020-6201.json +++ b/2020/6xxx/CVE-2020-6201.json @@ -4,14 +4,87 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce Cloud (Testweb Extension)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.6" + }, + { + "version_name": "<", + "version_value": "6.7" + }, + { + "version_name": "<", + "version_value": "1808" + }, + { + "version_name": "<", + "version_value": "1811" + }, + { + "version_name": "<", + "version_value": "1905" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2876813", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2876813" } ] } diff --git a/2020/6xxx/CVE-2020-6202.json b/2020/6xxx/CVE-2020-6202.json index f9970e32095..6e1bdd462f0 100644 --- a/2020/6xxx/CVE-2020-6202.json +++ b/2020/6xxx/CVE-2020-6202.json @@ -4,14 +4,95 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server Java (User Management Engine)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.10" + }, + { + "version_name": "<", + "version_value": "7.11" + }, + { + "version_name": "<", + "version_value": "7.20" + }, + { + "version_name": "<", + "version_value": "7.30" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing XML Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2847787", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2847787" } ] } diff --git a/2020/6xxx/CVE-2020-6203.json b/2020/6xxx/CVE-2020-6203.json index 5bf8a76b2aa..4b263b352e1 100644 --- a/2020/6xxx/CVE-2020-6203.json +++ b/2020/6xxx/CVE-2020-6203.json @@ -4,14 +4,95 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver UDDI Server (Services Registry)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.10" + }, + { + "version_name": "<", + "version_value": "7.11" + }, + { + "version_name": "<", + "version_value": "7.20" + }, + { + "version_name": "<", + "version_value": "7.30" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2806198", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2806198" } ] } diff --git a/2020/6xxx/CVE-2020-6204.json b/2020/6xxx/CVE-2020-6204.json index 68d9ec07f81..b50a5f0941b 100644 --- a/2020/6xxx/CVE-2020-6204.json +++ b/2020/6xxx/CVE-2020-6204.json @@ -4,14 +4,126 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "600" + }, + { + "version_name": "<", + "version_value": "603" + }, + { + "version_name": "<", + "version_value": "604" + }, + { + "version_name": "<", + "version_value": "605" + }, + { + "version_name": "<", + "version_value": "606" + }, + { + "version_name": "<", + "version_value": "616" + }, + { + "version_name": "<", + "version_value": "617" + }, + { + "version_name": "<", + "version_value": "618" + }, + { + "version_name": "<", + "version_value": "800" + } + ] + } + }, + { + "product_name": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "101" + }, + { + "version_name": "<", + "version_value": "102" + }, + { + "version_name": "<", + "version_value": "103" + }, + { + "version_name": "<", + "version_value": "104" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2841874", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2841874" } ] } diff --git a/2020/6xxx/CVE-2020-6205.json b/2020/6xxx/CVE-2020-6205.json index ed012908f76..31ac5ca091b 100644 --- a/2020/6xxx/CVE-2020-6205.json +++ b/2020/6xxx/CVE-2020-6205.json @@ -4,14 +4,119 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Application Server ABAP (Smart Forms) - SAP_BASIS", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.00" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.10" + }, + { + "version_name": "<", + "version_value": "7.11" + }, + { + "version_name": "<", + "version_value": "7.30" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + }, + { + "version_name": "<", + "version_value": "7.51" + }, + { + "version_name": "<", + "version_value": "7.52" + }, + { + "version_name": "<", + "version_value": "7.53" + }, + { + "version_name": "<", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2884910", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2884910" } ] } diff --git a/2020/6xxx/CVE-2020-6206.json b/2020/6xxx/CVE-2020-6206.json index 728adaa350b..4d5f41bf647 100644 --- a/2020/6xxx/CVE-2020-6206.json +++ b/2020/6xxx/CVE-2020-6206.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Cloud Platform Integration for Data Services", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2859004", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2859004" } ] } diff --git a/2020/6xxx/CVE-2020-6207.json b/2020/6xxx/CVE-2020-6207.json index 30475491f52..d5d6dbe956e 100644 --- a/2020/6xxx/CVE-2020-6207.json +++ b/2020/6xxx/CVE-2020-6207.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Solution Manager (User Experience Monitoring)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.2" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authentication Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2890213", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2890213" } ] } diff --git a/2020/6xxx/CVE-2020-6208.json b/2020/6xxx/CVE-2020-6208.json index 4fb8d07af30..2f06c2afb04 100644 --- a/2020/6xxx/CVE-2020-6208.json +++ b/2020/6xxx/CVE-2020-6208.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Business Objects Business Intelligence Platform (Crystal Reports)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "4.1" + }, + { + "version_name": "<", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2861301", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2861301" } ] } diff --git a/2020/6xxx/CVE-2020-6209.json b/2020/6xxx/CVE-2020-6209.json index c706b4f5f6c..74e7c413fd7 100644 --- a/2020/6xxx/CVE-2020-6209.json +++ b/2020/6xxx/CVE-2020-6209.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Disclosure Management", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2858044", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2858044" } ] } diff --git a/2020/6xxx/CVE-2020-6210.json b/2020/6xxx/CVE-2020-6210.json index 3bdb154c6d8..e914469f389 100644 --- a/2020/6xxx/CVE-2020-6210.json +++ b/2020/6xxx/CVE-2020-6210.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Fiori Launchpad", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "753" + }, + { + "version_name": "<", + "version_value": "754" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", + "refsource": "MISC", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2864462", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2864462" } ] } From a656a63bcc26df9712407e678529d3d7cdd1988f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 22:01:18 +0000 Subject: [PATCH 028/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10375.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10376.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10375.json create mode 100644 2020/10xxx/CVE-2020-10376.json diff --git a/2020/10xxx/CVE-2020-10375.json b/2020/10xxx/CVE-2020-10375.json new file mode 100644 index 00000000000..4e7bfe4cbde --- /dev/null +++ b/2020/10xxx/CVE-2020-10375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10376.json b/2020/10xxx/CVE-2020-10376.json new file mode 100644 index 00000000000..253a280ae0e --- /dev/null +++ b/2020/10xxx/CVE-2020-10376.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 839697511323356b08c5d8584cd811c7575e7659 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 22:01:41 +0000 Subject: [PATCH 029/144] "-Synchronized-Data." --- 2019/5xxx/CVE-2019-5135.json | 71 ++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5149.json | 74 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5155.json | 64 +++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10377.json | 18 +++++++++ 4 files changed, 206 insertions(+), 21 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10377.json diff --git a/2019/5xxx/CVE-2019-5135.json b/2019/5xxx/CVE-2019-5135.json index 86f63e6c024..0505dc8eaf5 100644 --- a/2019/5xxx/CVE-2019-5135.json +++ b/2019/5xxx/CVE-2019-5135.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5135", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5135", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + }, + { + "version_value": "version 03.01.07(13)" + } + ] + } + }, + { + "product_name": "WAGO PFC100 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12)." } ] } diff --git a/2019/5xxx/CVE-2019-5149.json b/2019/5xxx/CVE-2019-5149.json index 899c8ad9352..d878556d01d 100644 --- a/2019/5xxx/CVE-2019-5149.json +++ b/2019/5xxx/CVE-2019-5149.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5149", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5149", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + }, + { + "version_value": "version 03.01.07(13)" + } + ] + } + }, + { + "product_name": "WAGO PFC100 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + }, + { + "version_value": "version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0939" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version 03.00.39(12) and version 03.01.07(13), and WAGO PFC100 Firmware version 03.00.39(12) and version 03.02.02(14)." } ] } diff --git a/2019/5xxx/CVE-2019-5155.json b/2019/5xxx/CVE-2019-5155.json index 234bd9c1214..1239010e19e 100644 --- a/2019/5xxx/CVE-2019-5155.json +++ b/2019/5xxx/CVE-2019-5155.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5155", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5155", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + }, + { + "version_value": "version 03.01.07(13)" + }, + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "\u201cCommand Injection\u201d" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0948", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0948" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.02(14), version 03.01.07(13), and version 03.00.39(12)" } ] } diff --git a/2020/10xxx/CVE-2020-10377.json b/2020/10xxx/CVE-2020-10377.json new file mode 100644 index 00000000000..4eee213a515 --- /dev/null +++ b/2020/10xxx/CVE-2020-10377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From e6317821893f38423bb7421f3b56ae7c712b0b95 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 23:01:17 +0000 Subject: [PATCH 030/144] "-Synchronized-Data." --- 2019/5xxx/CVE-2019-5159.json | 58 ++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5160.json | 64 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5166.json | 58 ++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5167.json | 58 ++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5168.json | 58 ++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10378.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10379.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10380.json | 18 ++++++++++ 8 files changed, 315 insertions(+), 35 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10378.json create mode 100644 2020/10xxx/CVE-2020-10379.json create mode 100644 2020/10xxx/CVE-2020-10380.json diff --git a/2019/5xxx/CVE-2019-5159.json b/2019/5xxx/CVE-2019-5159.json index b21a5d657fb..95340438dd9 100644 --- a/2019/5xxx/CVE-2019-5159.json +++ b/2019/5xxx/CVE-2019-5159.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5159", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5159", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO e!COCKPIT", + "version": { + "version_data": [ + { + "version_value": "1.6.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0952" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5160.json b/2019/5xxx/CVE-2019-5160.json index 129b57743b4..ab4c95436fd 100644 --- a/2019/5xxx/CVE-2019-5160.json +++ b/2019/5xxx/CVE-2019-5160.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5160", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5160", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + }, + { + "version_value": "version 03.01.07(13)" + }, + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0953" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node." } ] } diff --git a/2019/5xxx/CVE-2019-5166.json b/2019/5xxx/CVE-2019-5166.json index 64378b85132..0bbdbd44970 100644 --- a/2019/5xxx/CVE-2019-5166.json +++ b/2019/5xxx/CVE-2019-5166.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5166", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5166", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0961", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0961" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file." } ] } diff --git a/2019/5xxx/CVE-2019-5167.json b/2019/5xxx/CVE-2019-5167.json index 96964b7a98e..bb8d356ecf2 100644 --- a/2019/5xxx/CVE-2019-5167.json +++ b/2019/5xxx/CVE-2019-5167.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5167", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5167", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file." } ] } diff --git a/2019/5xxx/CVE-2019-5168.json b/2019/5xxx/CVE-2019-5168.json index 8c63204bdd6..982ea3ceba0 100644 --- a/2019/5xxx/CVE-2019-5168.json +++ b/2019/5xxx/CVE-2019-5168.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5168", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5168", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name= using sprintf().This command is later executed via a call to system()." } ] } diff --git a/2020/10xxx/CVE-2020-10378.json b/2020/10xxx/CVE-2020-10378.json new file mode 100644 index 00000000000..af072550e8d --- /dev/null +++ b/2020/10xxx/CVE-2020-10378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10379.json b/2020/10xxx/CVE-2020-10379.json new file mode 100644 index 00000000000..1cb57ee5e4a --- /dev/null +++ b/2020/10xxx/CVE-2020-10379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10380.json b/2020/10xxx/CVE-2020-10380.json new file mode 100644 index 00000000000..ed12922811d --- /dev/null +++ b/2020/10xxx/CVE-2020-10380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 8ea4b65f3ce95402b0c95a46a159039b1313acd7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 00:01:17 +0000 Subject: [PATCH 031/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10807.json | 55 ++++++++++++++++++++++++-- 2019/5xxx/CVE-2019-5106.json | 58 +++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5107.json | 58 +++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5134.json | 71 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5156.json | 64 ++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5157.json | 64 ++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5158.json | 58 +++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5161.json | 64 ++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10381.json | 18 +++++++++ 2020/10xxx/CVE-2020-10382.json | 18 +++++++++ 2020/10xxx/CVE-2020-10383.json | 18 +++++++++ 2020/10xxx/CVE-2020-10384.json | 18 +++++++++ 12 files changed, 512 insertions(+), 52 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10381.json create mode 100644 2020/10xxx/CVE-2020-10382.json create mode 100644 2020/10xxx/CVE-2020-10383.json create mode 100644 2020/10xxx/CVE-2020-10384.json diff --git a/2019/10xxx/CVE-2019-10807.json b/2019/10xxx/CVE-2019-10807.json index 5c8067f43ab..84c8eb6d363 100644 --- a/2019/10xxx/CVE-2019-10807.json +++ b/2019/10xxx/CVE-2019-10807.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "blamer", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c,", + "url": "https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-BLAMER-559541", + "url": "https://snyk.io/vuln/SNYK-JS-BLAMER-559541" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer." } ] } diff --git a/2019/5xxx/CVE-2019-5106.json b/2019/5xxx/CVE-2019-5106.json index e3f4ba4e975..5a79c3c4e0c 100644 --- a/2019/5xxx/CVE-2019-5106.json +++ b/2019/5xxx/CVE-2019-5106.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5106", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5106", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO e!Cockpit", + "version": { + "version_data": [ + { + "version_value": "1.5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0898" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text." } ] } diff --git a/2019/5xxx/CVE-2019-5107.json b/2019/5xxx/CVE-2019-5107.json index 5eb25354601..40b10954c0c 100644 --- a/2019/5xxx/CVE-2019-5107.json +++ b/2019/5xxx/CVE-2019-5107.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5107", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO e!Cockpit", + "version": { + "version_data": [ + { + "version_value": "1.5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0899" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints." } ] } diff --git a/2019/5xxx/CVE-2019-5134.json b/2019/5xxx/CVE-2019-5134.json index ca335318761..c06239f28ed 100644 --- a/2019/5xxx/CVE-2019-5134.json +++ b/2019/5xxx/CVE-2019-5134.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5134", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5134", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + }, + { + "version_value": "version 03.01.07(13)" + } + ] + } + }, + { + "product_name": "WAGO PFC100 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "regular expression without anchors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0923", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0923" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure." } ] } diff --git a/2019/5xxx/CVE-2019-5156.json b/2019/5xxx/CVE-2019-5156.json index f952c6dd3a0..c7fcd128cbf 100644 --- a/2019/5xxx/CVE-2019-5156.json +++ b/2019/5xxx/CVE-2019-5156.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5156", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5156", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + }, + { + "version_value": "version 03.01.07(13)" + }, + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0949", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0949" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command." } ] } diff --git a/2019/5xxx/CVE-2019-5157.json b/2019/5xxx/CVE-2019-5157.json index 88a4536def6..7703fad82fb 100644 --- a/2019/5xxx/CVE-2019-5157.json +++ b/2019/5xxx/CVE-2019-5157.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5157", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5157", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + }, + { + "version_value": "version 03.01.07(13)" + }, + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0950", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0950" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command." } ] } diff --git a/2019/5xxx/CVE-2019-5158.json b/2019/5xxx/CVE-2019-5158.json index f177fd8380c..c9f69b514dc 100644 --- a/2019/5xxx/CVE-2019-5158.json +++ b/2019/5xxx/CVE-2019-5158.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5158", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5158", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO e!COCKPIT", + "version": { + "version_data": [ + { + "version_value": "1.6.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0951" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5161.json b/2019/5xxx/CVE-2019-5161.json index 0e86554dc6b..fb873a4f901 100644 --- a/2019/5xxx/CVE-2019-5161.json +++ b/2019/5xxx/CVE-2019-5161.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5161", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5161", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + }, + { + "version_value": "version 03.01.07(13)" + }, + { + "version_value": "version 03.00.39(12)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0954", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0954" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges." } ] } diff --git a/2020/10xxx/CVE-2020-10381.json b/2020/10xxx/CVE-2020-10381.json new file mode 100644 index 00000000000..5f06895bf14 --- /dev/null +++ b/2020/10xxx/CVE-2020-10381.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10382.json b/2020/10xxx/CVE-2020-10382.json new file mode 100644 index 00000000000..4e87487bb90 --- /dev/null +++ b/2020/10xxx/CVE-2020-10382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10383.json b/2020/10xxx/CVE-2020-10383.json new file mode 100644 index 00000000000..0087bec2bc5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10384.json b/2020/10xxx/CVE-2020-10384.json new file mode 100644 index 00000000000..62cd9b55d06 --- /dev/null +++ b/2020/10xxx/CVE-2020-10384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 13fbe6af7bdd1460d88295555850ac1f0ab5a39e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 01:01:11 +0000 Subject: [PATCH 032/144] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14553.json | 5 +++++ 2019/11xxx/CVE-2019-11038.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2018/14xxx/CVE-2018-14553.json b/2018/14xxx/CVE-2018-14553.json index 3ef221a7e5d..f8562c195e5 100644 --- a/2018/14xxx/CVE-2018-14553.json +++ b/2018/14xxx/CVE-2018-14553.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0332", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html" } ] } diff --git a/2019/11xxx/CVE-2019-11038.json b/2019/11xxx/CVE-2019-11038.json index b99f9676b2f..d55325c1b2e 100644 --- a/2019/11xxx/CVE-2019-11038.json +++ b/2019/11xxx/CVE-2019-11038.json @@ -140,6 +140,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3299", "url": "https://access.redhat.com/errata/RHSA-2019:3299" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0332", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html" } ] }, From b52490d1759fa3d24619682e5b549f5920eb2888 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 04:01:16 +0000 Subject: [PATCH 033/144] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20445.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20445.json b/2019/20xxx/CVE-2019-20445.json index 92476c28284..e8445711593 100644 --- a/2019/20xxx/CVE-2019-20445.json +++ b/2019/20xxx/CVE-2019-20445.json @@ -196,6 +196,11 @@ "refsource": "MLIST", "name": "[spark-issues] 20200309 [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities", "url": "https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11@%3Cissues.spark.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final", + "url": "https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d@%3Creviews.spark.apache.org%3E" } ] } From de7afa7e4fd487dfbfefa283e466bab83e902704 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 05:01:17 +0000 Subject: [PATCH 034/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10385.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10385.json diff --git a/2020/10xxx/CVE-2020-10385.json b/2020/10xxx/CVE-2020-10385.json new file mode 100644 index 00000000000..373e15421e8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 24600f7644d4b67e2b1cfe25cdb4f332ab209682 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 09:01:15 +0000 Subject: [PATCH 035/144] "-Synchronized-Data." --- 2017/2xxx/CVE-2017-2284.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2017/2xxx/CVE-2017-2284.json b/2017/2xxx/CVE-2017-2284.json index 306e2e5aeec..0000ddd6383 100644 --- a/2017/2xxx/CVE-2017-2284.json +++ b/2017/2xxx/CVE-2017-2284.json @@ -66,6 +66,11 @@ "name": "https://wordpress.org/plugins/popup-maker/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/popup-maker/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8878", + "url": "https://wpvulndb.com/vulnerabilities/8878" } ] } From f5fc9c52e9ec7148c98e3dc7d1d71deee914b94d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 12:01:25 +0000 Subject: [PATCH 036/144] "-Synchronized-Data." --- 2015/9xxx/CVE-2015-9251.json | 5 +++++ 2017/18xxx/CVE-2017-18635.json | 5 +++++ 2018/14xxx/CVE-2018-14335.json | 5 +++++ 2018/16xxx/CVE-2018-16871.json | 5 +++++ 2018/1xxx/CVE-2018-1311.json | 10 ++++++++++ 2019/10xxx/CVE-2019-10173.json | 5 +++++ 2019/10xxx/CVE-2019-10174.json | 5 +++++ 2019/10xxx/CVE-2019-10184.json | 5 +++++ 2019/10xxx/CVE-2019-10212.json | 5 +++++ 2019/11xxx/CVE-2019-11135.json | 5 +++++ 2019/11xxx/CVE-2019-11884.json | 5 +++++ 2019/12xxx/CVE-2019-12402.json | 5 +++++ 2019/14xxx/CVE-2019-14378.json | 5 +++++ 2019/14xxx/CVE-2019-14379.json | 5 +++++ 2019/14xxx/CVE-2019-14838.json | 5 +++++ 2019/14xxx/CVE-2019-14846.json | 5 +++++ 2019/14xxx/CVE-2019-14856.json | 5 +++++ 2019/14xxx/CVE-2019-14858.json | 5 +++++ 2019/14xxx/CVE-2019-14888.json | 5 +++++ 2019/14xxx/CVE-2019-14892.json | 5 +++++ 2019/14xxx/CVE-2019-14893.json | 5 +++++ 2019/15xxx/CVE-2019-15030.json | 5 +++++ 2019/15xxx/CVE-2019-15605.json | 15 +++++++++++++++ 2019/15xxx/CVE-2019-15890.json | 5 +++++ 2019/15xxx/CVE-2019-15916.json | 5 +++++ 2019/16xxx/CVE-2019-16276.json | 5 +++++ 2019/16xxx/CVE-2019-16335.json | 5 +++++ 2019/16xxx/CVE-2019-16785.json | 5 +++++ 2019/16xxx/CVE-2019-16786.json | 5 +++++ 2019/16xxx/CVE-2019-16789.json | 5 +++++ 2019/16xxx/CVE-2019-16865.json | 10 ++++++++++ 2019/17xxx/CVE-2019-17134.json | 5 +++++ 2019/17xxx/CVE-2019-17666.json | 5 +++++ 2019/18xxx/CVE-2019-18634.json | 5 +++++ 2019/18xxx/CVE-2019-18805.json | 5 +++++ 2019/19xxx/CVE-2019-19921.json | 5 +++++ 2019/3xxx/CVE-2019-3459.json | 5 +++++ 2019/3xxx/CVE-2019-3460.json | 5 +++++ 2019/3xxx/CVE-2019-3805.json | 5 +++++ 2019/3xxx/CVE-2019-3888.json | 5 +++++ 2019/9xxx/CVE-2019-9008.json | 5 +++++ 2019/9xxx/CVE-2019-9009.json | 5 +++++ 2019/9xxx/CVE-2019-9010.json | 5 +++++ 2019/9xxx/CVE-2019-9012.json | 5 +++++ 2019/9xxx/CVE-2019-9013.json | 5 +++++ 2019/9xxx/CVE-2019-9512.json | 5 +++++ 2019/9xxx/CVE-2019-9514.json | 5 +++++ 2019/9xxx/CVE-2019-9515.json | 5 +++++ 2019/9xxx/CVE-2019-9518.json | 5 +++++ 2020/1xxx/CVE-2020-1708.json | 10 ++++++++++ 2020/1xxx/CVE-2020-1711.json | 15 +++++++++++++++ 2020/1xxx/CVE-2020-1726.json | 5 +++++ 2020/1xxx/CVE-2020-1938.json | 10 ++++++++++ 2020/5xxx/CVE-2020-5312.json | 10 ++++++++++ 2020/6xxx/CVE-2020-6383.json | 5 +++++ 2020/6xxx/CVE-2020-6384.json | 5 +++++ 2020/6xxx/CVE-2020-6386.json | 5 +++++ 2020/6xxx/CVE-2020-6407.json | 5 +++++ 2020/6xxx/CVE-2020-6418.json | 5 +++++ 2020/7xxx/CVE-2020-7039.json | 5 +++++ 2020/8xxx/CVE-2020-8659.json | 5 +++++ 2020/8xxx/CVE-2020-8660.json | 5 +++++ 2020/8xxx/CVE-2020-8661.json | 5 +++++ 2020/8xxx/CVE-2020-8664.json | 5 +++++ 2020/8xxx/CVE-2020-8840.json | 5 +++++ 2020/8xxx/CVE-2020-8945.json | 10 ++++++++++ 66 files changed, 380 insertions(+) diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index 68f38951d9a..fe12ae4229a 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json @@ -201,6 +201,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0481", "url": "https://access.redhat.com/errata/RHSA-2020:0481" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0729", + "url": "https://access.redhat.com/errata/RHSA-2020:0729" } ] } diff --git a/2017/18xxx/CVE-2017-18635.json b/2017/18xxx/CVE-2017-18635.json index c91641d95e7..9a0e6632668 100644 --- a/2017/18xxx/CVE-2017-18635.json +++ b/2017/18xxx/CVE-2017-18635.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "https://github.com/ShielderSec/cve-2017-18635", "url": "https://github.com/ShielderSec/cve-2017-18635" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0754", + "url": "https://access.redhat.com/errata/RHSA-2020:0754" } ] } diff --git a/2018/14xxx/CVE-2018-14335.json b/2018/14xxx/CVE-2018-14335.json index 775ca75084c..b64f8a26336 100644 --- a/2018/14xxx/CVE-2018-14335.json +++ b/2018/14xxx/CVE-2018-14335.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[ignite-user] 20191213 Re: H2 version security concern", "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] } diff --git a/2018/16xxx/CVE-2018-16871.json b/2018/16xxx/CVE-2018-16871.json index aa14ac11df6..42d6de35b07 100644 --- a/2018/16xxx/CVE-2018-16871.json +++ b/2018/16xxx/CVE-2018-16871.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] }, diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json index 86c65976dd7..54194a6eda3 100644 --- a/2018/1xxx/CVE-2018-1311.json +++ b/2018/1xxx/CVE-2018-1311.json @@ -53,6 +53,16 @@ "refsource": "MLIST", "name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.", "url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0704", + "url": "https://access.redhat.com/errata/RHSA-2020:0704" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0702", + "url": "https://access.redhat.com/errata/RHSA-2020:0702" } ] }, diff --git a/2019/10xxx/CVE-2019-10173.json b/2019/10xxx/CVE-2019-10173.json index 215966a146a..9c09c52427e 100644 --- a/2019/10xxx/CVE-2019-10173.json +++ b/2019/10xxx/CVE-2019-10173.json @@ -68,6 +68,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0445", "url": "https://access.redhat.com/errata/RHSA-2020:0445" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/10xxx/CVE-2019-10174.json b/2019/10xxx/CVE-2019-10174.json index a53291c3186..570ae7e9624 100644 --- a/2019/10xxx/CVE-2019-10174.json +++ b/2019/10xxx/CVE-2019-10174.json @@ -56,6 +56,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0481", "url": "https://access.redhat.com/errata/RHSA-2020:0481" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/10xxx/CVE-2019-10184.json b/2019/10xxx/CVE-2019-10184.json index 581edcb7927..b33251fe8fe 100644 --- a/2019/10xxx/CVE-2019-10184.json +++ b/2019/10xxx/CVE-2019-10184.json @@ -98,6 +98,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3046", "url": "https://access.redhat.com/errata/RHSA-2019:3046" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/10xxx/CVE-2019-10212.json b/2019/10xxx/CVE-2019-10212.json index e76362ad6d2..7a29d57374a 100644 --- a/2019/10xxx/CVE-2019-10212.json +++ b/2019/10xxx/CVE-2019-10212.json @@ -53,6 +53,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2998", "url": "https://access.redhat.com/errata/RHSA-2019:2998" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json index 4728fc9e63c..ce672d4caec 100644 --- a/2019/11xxx/CVE-2019-11135.json +++ b/2019/11xxx/CVE-2019-11135.json @@ -178,6 +178,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0666", "url": "https://access.redhat.com/errata/RHSA-2020:0666" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0730", + "url": "https://access.redhat.com/errata/RHSA-2020:0730" } ] }, diff --git a/2019/11xxx/CVE-2019-11884.json b/2019/11xxx/CVE-2019-11884.json index a86e3d6c3cb..f684d916c16 100644 --- a/2019/11xxx/CVE-2019-11884.json +++ b/2019/11xxx/CVE-2019-11884.json @@ -161,6 +161,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] } diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 9172c6361e6..a315467f33a 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -88,6 +88,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/14xxx/CVE-2019-14378.json b/2019/14xxx/CVE-2019-14378.json index 461f691ec54..7bbcc2657d2 100644 --- a/2019/14xxx/CVE-2019-14378.json +++ b/2019/14xxx/CVE-2019-14378.json @@ -181,6 +181,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0366", "url": "https://access.redhat.com/errata/RHSA-2020:0366" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0775", + "url": "https://access.redhat.com/errata/RHSA-2020:0775" } ] } diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index de864261744..72f0b3970bf 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json @@ -301,6 +301,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] } diff --git a/2019/14xxx/CVE-2019-14838.json b/2019/14xxx/CVE-2019-14838.json index ff5d0d59b06..150c9dc2bf5 100644 --- a/2019/14xxx/CVE-2019-14838.json +++ b/2019/14xxx/CVE-2019-14838.json @@ -98,6 +98,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4041", "url": "https://access.redhat.com/errata/RHSA-2019:4041" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0728", + "url": "https://access.redhat.com/errata/RHSA-2020:0728" } ] }, diff --git a/2019/14xxx/CVE-2019-14846.json b/2019/14xxx/CVE-2019-14846.json index f4b90ba2826..e4638ac88a7 100644 --- a/2019/14xxx/CVE-2019-14846.json +++ b/2019/14xxx/CVE-2019-14846.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3201", "url": "https://access.redhat.com/errata/RHSA-2019:3201" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0756", + "url": "https://access.redhat.com/errata/RHSA-2020:0756" } ] }, diff --git a/2019/14xxx/CVE-2019-14856.json b/2019/14xxx/CVE-2019-14856.json index bd7aed0aa49..2a90ee90c4f 100644 --- a/2019/14xxx/CVE-2019-14856.json +++ b/2019/14xxx/CVE-2019-14856.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0756", + "url": "https://access.redhat.com/errata/RHSA-2020:0756" } ] }, diff --git a/2019/14xxx/CVE-2019-14858.json b/2019/14xxx/CVE-2019-14858.json index 727ce0a8264..8f6ddfd2cd8 100644 --- a/2019/14xxx/CVE-2019-14858.json +++ b/2019/14xxx/CVE-2019-14858.json @@ -79,6 +79,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3201", "url": "https://access.redhat.com/errata/RHSA-2019:3201" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0756", + "url": "https://access.redhat.com/errata/RHSA-2020:0756" } ] }, diff --git a/2019/14xxx/CVE-2019-14888.json b/2019/14xxx/CVE-2019-14888.json index 3407994e330..81c139db374 100644 --- a/2019/14xxx/CVE-2019-14888.json +++ b/2019/14xxx/CVE-2019-14888.json @@ -48,6 +48,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0729", + "url": "https://access.redhat.com/errata/RHSA-2020:0729" } ] }, diff --git a/2019/14xxx/CVE-2019-14892.json b/2019/14xxx/CVE-2019-14892.json index 3ad379ed3cb..b1cea787ded 100644 --- a/2019/14xxx/CVE-2019-14892.json +++ b/2019/14xxx/CVE-2019-14892.json @@ -67,6 +67,11 @@ "url": "https://github.com/FasterXML/jackson-databind/issues/2462", "name": "https://github.com/FasterXML/jackson-databind/issues/2462", "refsource": "MISC" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0729", + "url": "https://access.redhat.com/errata/RHSA-2020:0729" } ] }, diff --git a/2019/14xxx/CVE-2019-14893.json b/2019/14xxx/CVE-2019-14893.json index 49574378bcb..2c53294ee6f 100644 --- a/2019/14xxx/CVE-2019-14893.json +++ b/2019/14xxx/CVE-2019-14893.json @@ -64,6 +64,11 @@ "url": "https://github.com/FasterXML/jackson-databind/issues/2469", "name": "https://github.com/FasterXML/jackson-databind/issues/2469", "refsource": "MISC" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0729", + "url": "https://access.redhat.com/errata/RHSA-2020:0729" } ] }, diff --git a/2019/15xxx/CVE-2019-15030.json b/2019/15xxx/CVE-2019-15030.json index f0ea7fb3bdc..b2c327383c9 100644 --- a/2019/15xxx/CVE-2019-15030.json +++ b/2019/15xxx/CVE-2019-15030.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191004-0001/", "url": "https://security.netapp.com/advisory/ntap-20191004-0001/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] } diff --git a/2019/15xxx/CVE-2019-15605.json b/2019/15xxx/CVE-2019-15605.json index 7393f4a3eaa..80c3dc1b5ae 100644 --- a/2019/15xxx/CVE-2019-15605.json +++ b/2019/15xxx/CVE-2019-15605.json @@ -113,6 +113,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0293", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0703", + "url": "https://access.redhat.com/errata/RHSA-2020:0703" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0707", + "url": "https://access.redhat.com/errata/RHSA-2020:0707" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0708", + "url": "https://access.redhat.com/errata/RHSA-2020:0708" } ] }, diff --git a/2019/15xxx/CVE-2019-15890.json b/2019/15xxx/CVE-2019-15890.json index 898fe329e92..50d7268db08 100644 --- a/2019/15xxx/CVE-2019-15890.json +++ b/2019/15xxx/CVE-2019-15890.json @@ -91,6 +91,11 @@ "refsource": "DEBIAN", "name": "DSA-4616", "url": "https://www.debian.org/security/2020/dsa-4616" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0775", + "url": "https://access.redhat.com/errata/RHSA-2020:0775" } ] } diff --git a/2019/15xxx/CVE-2019-15916.json b/2019/15xxx/CVE-2019-15916.json index 745721b301b..514a5012fea 100644 --- a/2019/15xxx/CVE-2019-15916.json +++ b/2019/15xxx/CVE-2019-15916.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] } diff --git a/2019/16xxx/CVE-2019-16276.json b/2019/16xxx/CVE-2019-16276.json index 655c32220be..cb63130bc43 100644 --- a/2019/16xxx/CVE-2019-16276.json +++ b/2019/16xxx/CVE-2019-16276.json @@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0329", "url": "https://access.redhat.com/errata/RHSA-2020:0329" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0652", + "url": "https://access.redhat.com/errata/RHSA-2020:0652" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index e0b1b9d93c9..67be56f5283 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json @@ -181,6 +181,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0445", "url": "https://access.redhat.com/errata/RHSA-2020:0445" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0729", + "url": "https://access.redhat.com/errata/RHSA-2020:0729" } ] } diff --git a/2019/16xxx/CVE-2019-16785.json b/2019/16xxx/CVE-2019-16785.json index fbf110df5b6..34029307016 100644 --- a/2019/16xxx/CVE-2019-16785.json +++ b/2019/16xxx/CVE-2019-16785.json @@ -95,6 +95,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65a7744e38", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0720", + "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ] }, diff --git a/2019/16xxx/CVE-2019-16786.json b/2019/16xxx/CVE-2019-16786.json index d4fbaf5a33e..a80eed11499 100644 --- a/2019/16xxx/CVE-2019-16786.json +++ b/2019/16xxx/CVE-2019-16786.json @@ -95,6 +95,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65a7744e38", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0720", + "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ] }, diff --git a/2019/16xxx/CVE-2019-16789.json b/2019/16xxx/CVE-2019-16789.json index bb06e36fcae..d3bb41ffefc 100644 --- a/2019/16xxx/CVE-2019-16789.json +++ b/2019/16xxx/CVE-2019-16789.json @@ -95,6 +95,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-65a7744e38", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0720", + "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ] }, diff --git a/2019/16xxx/CVE-2019-16865.json b/2019/16xxx/CVE-2019-16865.json index f2771c9137e..b01bac5f1ac 100644 --- a/2019/16xxx/CVE-2019-16865.json +++ b/2019/16xxx/CVE-2019-16865.json @@ -91,6 +91,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0578", "url": "https://access.redhat.com/errata/RHSA-2020:0578" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0681", + "url": "https://access.redhat.com/errata/RHSA-2020:0681" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0683", + "url": "https://access.redhat.com/errata/RHSA-2020:0683" } ] } diff --git a/2019/17xxx/CVE-2019-17134.json b/2019/17xxx/CVE-2019-17134.json index 2d88ceb40e3..1b5f3271a17 100644 --- a/2019/17xxx/CVE-2019-17134.json +++ b/2019/17xxx/CVE-2019-17134.json @@ -106,6 +106,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3788", "url": "https://access.redhat.com/errata/RHSA-2019:3788" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0721", + "url": "https://access.redhat.com/errata/RHSA-2020:0721" } ] } diff --git a/2019/17xxx/CVE-2019-17666.json b/2019/17xxx/CVE-2019-17666.json index a08e824ad8d..a48b7d1c8e9 100644 --- a/2019/17xxx/CVE-2019-17666.json +++ b/2019/17xxx/CVE-2019-17666.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0661", "url": "https://access.redhat.com/errata/RHSA-2020:0661" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] } diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json index 7065e5e4474..3b3e43c3f03 100644 --- a/2019/18xxx/CVE-2019-18634.json +++ b/2019/18xxx/CVE-2019-18634.json @@ -166,6 +166,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-8b563bc5f4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0726", + "url": "https://access.redhat.com/errata/RHSA-2020:0726" } ] } diff --git a/2019/18xxx/CVE-2019-18805.json b/2019/18xxx/CVE-2019-18805.json index 1d14053bcee..4669b6adb86 100644 --- a/2019/18xxx/CVE-2019-18805.json +++ b/2019/18xxx/CVE-2019-18805.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] } diff --git a/2019/19xxx/CVE-2019-19921.json b/2019/19xxx/CVE-2019-19921.json index 1d6e27e7891..687a461f100 100644 --- a/2019/19xxx/CVE-2019-19921.json +++ b/2019/19xxx/CVE-2019-19921.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0219", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0688", + "url": "https://access.redhat.com/errata/RHSA-2020:0688" } ] } diff --git a/2019/3xxx/CVE-2019-3459.json b/2019/3xxx/CVE-2019-3459.json index ae296a4ab36..40843b88e47 100644 --- a/2019/3xxx/CVE-2019-3459.json +++ b/2019/3xxx/CVE-2019-3459.json @@ -136,6 +136,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] }, diff --git a/2019/3xxx/CVE-2019-3460.json b/2019/3xxx/CVE-2019-3460.json index 918c8d8fa00..2077a64148a 100644 --- a/2019/3xxx/CVE-2019-3460.json +++ b/2019/3xxx/CVE-2019-3460.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0740", + "url": "https://access.redhat.com/errata/RHSA-2020:0740" } ] }, diff --git a/2019/3xxx/CVE-2019-3805.json b/2019/3xxx/CVE-2019-3805.json index 5596a5f7785..b5ef233d68d 100644 --- a/2019/3xxx/CVE-2019-3805.json +++ b/2019/3xxx/CVE-2019-3805.json @@ -78,6 +78,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2413", "url": "https://access.redhat.com/errata/RHSA-2019:2413" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/3xxx/CVE-2019-3888.json b/2019/3xxx/CVE-2019-3888.json index 2c765a7ae4e..97afb1aefb7 100644 --- a/2019/3xxx/CVE-2019-3888.json +++ b/2019/3xxx/CVE-2019-3888.json @@ -63,6 +63,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2998", "url": "https://access.redhat.com/errata/RHSA-2019:2998" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/9xxx/CVE-2019-9008.json b/2019/9xxx/CVE-2019-9008.json index 03e02f34c80..319d9844216 100644 --- a/2019/9xxx/CVE-2019-9008.json +++ b/2019/9xxx/CVE-2019-9008.json @@ -61,6 +61,11 @@ "refsource": "CERT", "name": "US Computer Emergency Readiness Team", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12939&token=5b93f0d95a68ff7461d2c249d8da00f16b8f9987&download=" } ] } diff --git a/2019/9xxx/CVE-2019-9009.json b/2019/9xxx/CVE-2019-9009.json index 28c44659ae3..90c4f67a161 100644 --- a/2019/9xxx/CVE-2019-9009.json +++ b/2019/9xxx/CVE-2019-9009.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12941&token=50fabe3870c7bdc41701eb1799dddeec103de40c&download=" } ] } diff --git a/2019/9xxx/CVE-2019-9010.json b/2019/9xxx/CVE-2019-9010.json index f3e2216523a..e0e7b214dd7 100644 --- a/2019/9xxx/CVE-2019-9010.json +++ b/2019/9xxx/CVE-2019-9010.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download=" } ] } diff --git a/2019/9xxx/CVE-2019-9012.json b/2019/9xxx/CVE-2019-9012.json index 2b89e5e32b2..e3a5b0033e8 100644 --- a/2019/9xxx/CVE-2019-9012.json +++ b/2019/9xxx/CVE-2019-9012.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12938&token=b9eb30f53246dc57b2e7cb302356a05547148fa2&download=" } ] } diff --git a/2019/9xxx/CVE-2019-9013.json b/2019/9xxx/CVE-2019-9013.json index 3cf9ffe2343..86a0d9e5f46 100644 --- a/2019/9xxx/CVE-2019-9013.json +++ b/2019/9xxx/CVE-2019-9013.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=" } ] } diff --git a/2019/9xxx/CVE-2019-9512.json b/2019/9xxx/CVE-2019-9512.json index debad638f37..9ca3f401de2 100644 --- a/2019/9xxx/CVE-2019-9512.json +++ b/2019/9xxx/CVE-2019-9512.json @@ -388,6 +388,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0406", "url": "https://access.redhat.com/errata/RHSA-2020:0406" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/9xxx/CVE-2019-9514.json b/2019/9xxx/CVE-2019-9514.json index 5d860daa54a..14620f7b928 100644 --- a/2019/9xxx/CVE-2019-9514.json +++ b/2019/9xxx/CVE-2019-9514.json @@ -388,6 +388,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0406", "url": "https://access.redhat.com/errata/RHSA-2020:0406" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/9xxx/CVE-2019-9515.json b/2019/9xxx/CVE-2019-9515.json index ad05e21dbf0..ad4174c650d 100644 --- a/2019/9xxx/CVE-2019-9515.json +++ b/2019/9xxx/CVE-2019-9515.json @@ -258,6 +258,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4352", "url": "https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2019/9xxx/CVE-2019-9518.json b/2019/9xxx/CVE-2019-9518.json index 04f415ef114..43173171fc8 100644 --- a/2019/9xxx/CVE-2019-9518.json +++ b/2019/9xxx/CVE-2019-9518.json @@ -198,6 +198,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4352", "url": "https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0727", + "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ] }, diff --git a/2020/1xxx/CVE-2020-1708.json b/2020/1xxx/CVE-2020-1708.json index 19ccaf3b818..085fa38f18e 100644 --- a/2020/1xxx/CVE-2020-1708.json +++ b/2020/1xxx/CVE-2020-1708.json @@ -51,6 +51,16 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0681", + "url": "https://access.redhat.com/errata/RHSA-2020:0681" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0617", + "url": "https://access.redhat.com/errata/RHSA-2020:0617" } ] }, diff --git a/2020/1xxx/CVE-2020-1711.json b/2020/1xxx/CVE-2020-1711.json index 2a0a9740084..77f0670be36 100644 --- a/2020/1xxx/CVE-2020-1711.json +++ b/2020/1xxx/CVE-2020-1711.json @@ -68,6 +68,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0669", "url": "https://access.redhat.com/errata/RHSA-2020:0669" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0773", + "url": "https://access.redhat.com/errata/RHSA-2020:0773" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0730", + "url": "https://access.redhat.com/errata/RHSA-2020:0730" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0731", + "url": "https://access.redhat.com/errata/RHSA-2020:0731" } ] }, diff --git a/2020/1xxx/CVE-2020-1726.json b/2020/1xxx/CVE-2020-1726.json index 5e89bb5103c..e1482f0b99e 100644 --- a/2020/1xxx/CVE-2020-1726.json +++ b/2020/1xxx/CVE-2020-1726.json @@ -48,6 +48,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726", "refsource": "CONFIRM" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0680", + "url": "https://access.redhat.com/errata/RHSA-2020:0680" } ] }, diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json index 025d7fa4e62..42f5852d712 100644 --- a/2020/1xxx/CVE-2020-1938.json +++ b/2020/1xxx/CVE-2020-1938.json @@ -154,6 +154,16 @@ "refsource": "MLIST", "name": "[tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938", "url": "https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E" } ] }, diff --git a/2020/5xxx/CVE-2020-5312.json b/2020/5xxx/CVE-2020-5312.json index 7b7d1a34402..9c73967bdf4 100644 --- a/2020/5xxx/CVE-2020-5312.json +++ b/2020/5xxx/CVE-2020-5312.json @@ -96,6 +96,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0578", "url": "https://access.redhat.com/errata/RHSA-2020:0578" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0681", + "url": "https://access.redhat.com/errata/RHSA-2020:0681" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0683", + "url": "https://access.redhat.com/errata/RHSA-2020:0683" } ] } diff --git a/2020/6xxx/CVE-2020-6383.json b/2020/6xxx/CVE-2020-6383.json index d8563333583..80fb5470b33 100644 --- a/2020/6xxx/CVE-2020-6383.json +++ b/2020/6xxx/CVE-2020-6383.json @@ -54,6 +54,11 @@ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html", "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ] }, diff --git a/2020/6xxx/CVE-2020-6384.json b/2020/6xxx/CVE-2020-6384.json index 6b8ae114612..c4b39ac8368 100644 --- a/2020/6xxx/CVE-2020-6384.json +++ b/2020/6xxx/CVE-2020-6384.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1048473", "refsource": "MISC", "name": "https://crbug.com/1048473" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ] }, diff --git a/2020/6xxx/CVE-2020-6386.json b/2020/6xxx/CVE-2020-6386.json index f2d3307e272..2ee784db84c 100644 --- a/2020/6xxx/CVE-2020-6386.json +++ b/2020/6xxx/CVE-2020-6386.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1043603", "refsource": "MISC", "name": "https://crbug.com/1043603" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ] }, diff --git a/2020/6xxx/CVE-2020-6407.json b/2020/6xxx/CVE-2020-6407.json index 8536c1fff0e..1cd7a42bf3c 100644 --- a/2020/6xxx/CVE-2020-6407.json +++ b/2020/6xxx/CVE-2020-6407.json @@ -54,6 +54,11 @@ "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ] }, diff --git a/2020/6xxx/CVE-2020-6418.json b/2020/6xxx/CVE-2020-6418.json index 1105f6798ff..d6914253e04 100644 --- a/2020/6xxx/CVE-2020-6418.json +++ b/2020/6xxx/CVE-2020-6418.json @@ -59,6 +59,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html", "url": "http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" } ] }, diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json index 184bdea5737..eb0310d9d9c 100644 --- a/2020/7xxx/CVE-2020-7039.json +++ b/2020/7xxx/CVE-2020-7039.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4283-1", "url": "https://usn.ubuntu.com/4283-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0775", + "url": "https://access.redhat.com/errata/RHSA-2020:0775" } ] } diff --git a/2020/8xxx/CVE-2020-8659.json b/2020/8xxx/CVE-2020-8659.json index 4bbb6592707..b0dc65fdeb5 100644 --- a/2020/8xxx/CVE-2020-8659.json +++ b/2020/8xxx/CVE-2020-8659.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0734", + "url": "https://access.redhat.com/errata/RHSA-2020:0734" } ] } diff --git a/2020/8xxx/CVE-2020-8660.json b/2020/8xxx/CVE-2020-8660.json index 682426291d5..acddebf5b2f 100644 --- a/2020/8xxx/CVE-2020-8660.json +++ b/2020/8xxx/CVE-2020-8660.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0734", + "url": "https://access.redhat.com/errata/RHSA-2020:0734" } ] } diff --git a/2020/8xxx/CVE-2020-8661.json b/2020/8xxx/CVE-2020-8661.json index 747f765c02b..14e31e81f1b 100644 --- a/2020/8xxx/CVE-2020-8661.json +++ b/2020/8xxx/CVE-2020-8661.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0734", + "url": "https://access.redhat.com/errata/RHSA-2020:0734" } ] } diff --git a/2020/8xxx/CVE-2020-8664.json b/2020/8xxx/CVE-2020-8664.json index 0e931ef60fd..85aeb8e32d4 100644 --- a/2020/8xxx/CVE-2020-8664.json +++ b/2020/8xxx/CVE-2020-8664.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0734", + "url": "https://access.redhat.com/errata/RHSA-2020:0734" } ] } diff --git a/2020/8xxx/CVE-2020-8840.json b/2020/8xxx/CVE-2020-8840.json index 6054691cf2f..499032c129c 100644 --- a/2020/8xxx/CVE-2020-8840.json +++ b/2020/8xxx/CVE-2020-8840.json @@ -141,6 +141,11 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840", "url": "https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E" } ] } diff --git a/2020/8xxx/CVE-2020-8945.json b/2020/8xxx/CVE-2020-8945.json index e65bf3ca053..cf32a5eba5f 100644 --- a/2020/8xxx/CVE-2020-8945.json +++ b/2020/8xxx/CVE-2020-8945.json @@ -86,6 +86,16 @@ "refsource": "FEDORA", "name": "FEDORA-2020-ccc3e64ea5", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0679", + "url": "https://access.redhat.com/errata/RHSA-2020:0679" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0689", + "url": "https://access.redhat.com/errata/RHSA-2020:0689" } ] } From 53ae889d3cd497115966094755837d452714e5cf Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 13:01:13 +0000 Subject: [PATCH 037/144] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16107.json | 67 ++++++++++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8840.json | 5 +++ 2 files changed, 72 insertions(+) create mode 100644 2019/16xxx/CVE-2019-16107.json diff --git a/2019/16xxx/CVE-2019-16107.json b/2019/16xxx/CVE-2019-16107.json new file mode 100644 index 00000000000..74bf1717e96 --- /dev/null +++ b/2019/16xxx/CVE-2019-16107.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpbb.com/community/viewforum.php?f=14", + "refsource": "MISC", + "name": "https://www.phpbb.com/community/viewforum.php?f=14" + }, + { + "refsource": "CONFIRM", + "name": "https://www.phpbb.com/community/viewtopic.php?t=2523271", + "url": "https://www.phpbb.com/community/viewtopic.php?t=2523271" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8840.json b/2020/8xxx/CVE-2020-8840.json index 499032c129c..b02794f93f6 100644 --- a/2020/8xxx/CVE-2020-8840.json +++ b/2020/8xxx/CVE-2020-8840.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1", "url": "https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E" } ] } From cfb0fbf42e7b34b61beacc7911874dd7b876630f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 14:01:15 +0000 Subject: [PATCH 038/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++ 2019/17xxx/CVE-2019-17371.json | 7 +++- 2019/19xxx/CVE-2019-19381.json | 61 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10255.json | 5 +++ 2020/10xxx/CVE-2020-10376.json | 56 +++++++++++++++++++++++++++---- 2020/5xxx/CVE-2020-5203.json | 61 ++++++++++++++++++++++++++++++---- 6 files changed, 176 insertions(+), 19 deletions(-) diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index a315467f33a..0a7fb41dd84 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -93,6 +93,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17371.json b/2019/17xxx/CVE-2019-17371.json index aeea269303e..73597542cbd 100644 --- a/2019/17xxx/CVE-2019-17371.json +++ b/2019/17xxx/CVE-2019-17371.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct. NOTE: This has been argued as being found in gif2png and not libpng." + "value": "gif2png 2.5.13 has a memory leak in the writefile function." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/glennrp/libpng/issues/307#issuecomment-544779431", "url": "https://github.com/glennrp/libpng/issues/307#issuecomment-544779431" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/esr/gif2png/issues/8", + "url": "https://gitlab.com/esr/gif2png/issues/8" } ] } diff --git a/2019/19xxx/CVE-2019-19381.json b/2019/19xxx/CVE-2019-19381.json index cf43606672c..eca53c38e2e 100644 --- a/2019/19xxx/CVE-2019-19381.json +++ b/2019/19xxx/CVE-2019-19381.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19381", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19381", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.compass-security.com/en/research/advisories/", + "refsource": "MISC", + "name": "https://www.compass-security.com/en/research/advisories/" + }, + { + "refsource": "MISC", + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-024_Abacus_Cross-Site_Scripting_XSS.txt", + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-024_Abacus_Cross-Site_Scripting_XSS.txt" } ] } diff --git a/2020/10xxx/CVE-2020-10255.json b/2020/10xxx/CVE-2020-10255.json index a298cb82c5b..850146d15dc 100644 --- a/2020/10xxx/CVE-2020-10255.json +++ b/2020/10xxx/CVE-2020-10255.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "https://twitter.com/antumbral/status/1237425959407513600", "url": "https://twitter.com/antumbral/status/1237425959407513600" + }, + { + "refsource": "MISC", + "name": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html", + "url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html" } ] } diff --git a/2020/10xxx/CVE-2020-10376.json b/2020/10xxx/CVE-2020-10376.json index 253a280ae0e..3d83e18d090 100644 --- a/2020/10xxx/CVE-2020-10376.json +++ b/2020/10xxx/CVE-2020-10376.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10376", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10376", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an \"Authorization: Basic\" HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://medium.com/@felipeagromao/remote-control-cve-2020-10376-fed7b6b934e3", + "url": "https://medium.com/@felipeagromao/remote-control-cve-2020-10376-fed7b6b934e3" } ] } diff --git a/2020/5xxx/CVE-2020-5203.json b/2020/5xxx/CVE-2020-5203.json index 665d2cfdba7..090c18e8421 100644 --- a/2020/5xxx/CVE-2020-5203.json +++ b/2020/5xxx/CVE-2020-5203.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5203", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5203", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bcosca/fatfree/releases", + "url": "https://github.com/bcosca/fatfree/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/bcosca/fatfree-core/commit/dae95a0baf3963a9ef87c17cee52f78f77e21829", + "url": "https://github.com/bcosca/fatfree-core/commit/dae95a0baf3963a9ef87c17cee52f78f77e21829" } ] } From a53b0c80f4fa92e0cd719522ba03e81c31798e0e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 15:01:17 +0000 Subject: [PATCH 039/144] "-Synchronized-Data." --- 2012/1xxx/CVE-2012-1101.json | 65 ++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9095.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9096.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9097.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9098.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9099.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9101.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9102.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9103.json | 67 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9104.json | 67 ++++++++++++++++++++++++++++++++++-- 10 files changed, 647 insertions(+), 21 deletions(-) diff --git a/2012/1xxx/CVE-2012-1101.json b/2012/1xxx/CVE-2012-1101.json index becab1e5503..44be17bab97 100644 --- a/2012/1xxx/CVE-2012-1101.json +++ b/2012/1xxx/CVE-2012-1101.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1101", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "systemd", + "product": { + "product_data": [ + { + "product_name": "systemd", + "version": { + "version_data": [ + { + "version_value": "37-1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/05/4", + "url": "http://www.openwall.com/lists/oss-security/2012/03/05/4" + }, + { + "refsource": "CONFIRM", + "name": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3", + "url": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029" } ] } diff --git a/2019/9xxx/CVE-2019-9095.json b/2019/9xxx/CVE-2019-9095.json index 33341a43916..08ef77cf9f6 100644 --- a/2019/9xxx/CVE-2019-9095.json +++ b/2019/9xxx/CVE-2019-9095.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9095", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9096.json b/2019/9xxx/CVE-2019-9096.json index 15d18ba7e7a..e4c40183fd4 100644 --- a/2019/9xxx/CVE-2019-9096.json +++ b/2019/9xxx/CVE-2019-9096.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9096", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9097.json b/2019/9xxx/CVE-2019-9097.json index 9eb750eb2c9..84f048561ea 100644 --- a/2019/9xxx/CVE-2019-9097.json +++ b/2019/9xxx/CVE-2019-9097.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9097", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9098.json b/2019/9xxx/CVE-2019-9098.json index 7f2832342fb..c025e6a2be0 100644 --- a/2019/9xxx/CVE-2019-9098.json +++ b/2019/9xxx/CVE-2019-9098.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9098", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9099.json b/2019/9xxx/CVE-2019-9099.json index b4cda6082f9..cd8fea20b4f 100644 --- a/2019/9xxx/CVE-2019-9099.json +++ b/2019/9xxx/CVE-2019-9099.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9099", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2)." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9101.json b/2019/9xxx/CVE-2019-9101.json index e5da388d061..91234a9a252 100644 --- a/2019/9xxx/CVE-2019-9101.json +++ b/2019/9xxx/CVE-2019-9101.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9101", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9102.json b/2019/9xxx/CVE-2019-9102.json index b9f93ea8bf7..89e7be06770 100644 --- a/2019/9xxx/CVE-2019-9102.json +++ b/2019/9xxx/CVE-2019-9102.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9102", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:N/I:L/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9103.json b/2019/9xxx/CVE-2019-9103.json index 0d1819775c9..f92a9787eef 100644 --- a/2019/9xxx/CVE-2019-9103.json +++ b/2019/9xxx/CVE-2019-9103.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9103", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9104.json b/2019/9xxx/CVE-2019-9104.json index 49067156ee6..d204cbfa7d5 100644 --- a/2019/9xxx/CVE-2019-9104.json +++ b/2019/9xxx/CVE-2019-9104.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9104", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01" + }, + { + "refsource": "CONFIRM", + "name": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities", + "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file From e68b9ab21313ed6d8f159461b45f6ecac09f1420 Mon Sep 17 00:00:00 2001 From: Eric Johnson Date: Wed, 11 Mar 2020 08:43:41 -0700 Subject: [PATCH 040/144] TIBCO Software Inc. security advisory for TIBCO Spotfire Server. --- 2020/9xxx/CVE-2020-9408.json | 202 ++++++++++++++++++++++++++++++++--- 1 file changed, 185 insertions(+), 17 deletions(-) diff --git a/2020/9xxx/CVE-2020-9408.json b/2020/9xxx/CVE-2020-9408.json index bab08ee67a4..a627c384b6e 100644 --- a/2020/9xxx/CVE-2020-9408.json +++ b/2020/9xxx/CVE-2020-9408.json @@ -1,18 +1,186 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-9408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2020-03-11T17:00:00Z", + "ID": "CVE-2020-9408", + "STATE": "PUBLIC", + "TITLE": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "10.8.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.11.9" + }, + { + "version_affected": "=", + "version_value": "7.12.0" + }, + { + "version_affected": "=", + "version_value": "7.13.0" + }, + { + "version_affected": "=", + "version_value": "7.14.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "10.0.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.2.0" + }, + { + "version_affected": "=", + "version_value": "10.3.0" + }, + { + "version_affected": "=", + "version_value": "10.3.1" + }, + { + "version_affected": "=", + "version_value": "10.3.2" + }, + { + "version_affected": "=", + "version_value": "10.3.3" + }, + { + "version_affected": "=", + "version_value": "10.3.4" + }, + { + "version_affected": "=", + "version_value": "10.3.5" + }, + { + "version_affected": "=", + "version_value": "10.3.6" + }, + { + "version_affected": "=", + "version_value": "10.4.0" + }, + { + "version_affected": "=", + "version_value": "10.5.0" + }, + { + "version_affected": "=", + "version_value": "10.6.0" + }, + { + "version_affected": "=", + "version_value": "10.6.1" + }, + { + "version_affected": "=", + "version_value": "10.7.0" + }, + { + "version_affected": "=", + "version_value": "10.8.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.\n" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher" + } + ], + "source": { + "discovery": "INTERNAL" + } +} From 0cfedca24ea79207b1bb13114c5feeee9a0efc61 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 16:01:11 +0000 Subject: [PATCH 041/144] "-Synchronized-Data." --- 2011/2xxx/CVE-2011-2487.json | 127 ++++++++++++++++++++++++++++++++- 2020/10xxx/CVE-2020-10181.json | 61 ++++++++++++++-- 2 files changed, 179 insertions(+), 9 deletions(-) diff --git a/2011/2xxx/CVE-2011-2487.json b/2011/2xxx/CVE-2011-2487.json index 71acf88e0f1..e5276232b80 100644 --- a/2011/2xxx/CVE-2011-2487.json +++ b/2011/2xxx/CVE-2011-2487.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2487", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,128 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "WSS4J", + "version": { + "version_data": [ + { + "version_value": "before 1.6.5" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBossWS", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=713539", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539" + }, + { + "refsource": "MISC", + "name": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/", + "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/" + }, + { + "refsource": "MISC", + "name": "http://cxf.apache.org/note-on-cve-2011-2487.html", + "url": "http://cxf.apache.org/note-on-cve-2011-2487.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0191.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0192.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0193.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0194.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0195.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0196.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0198.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2013-0221.html", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57549", + "url": "http://www.securityfocus.com/bid/57549" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737" } ] } diff --git a/2020/10xxx/CVE-2020-10181.json b/2020/10xxx/CVE-2020-10181.json index 1ebf4028f4b..a4fbfc5d4e1 100644 --- a/2020/10xxx/CVE-2020-10181.json +++ b/2020/10xxx/CVE-2020-10181.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10181", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10181", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=Ufcj4D9eA5o", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=Ufcj4D9eA5o" + }, + { + "refsource": "MISC", + "name": "https://github.com/s1kr10s/Sumavision_EMR3.0", + "url": "https://github.com/s1kr10s/Sumavision_EMR3.0" } ] } From ab78acc6a1ed2031d2b4cf10bfc27b92578b5ee2 Mon Sep 17 00:00:00 2001 From: Chandan Date: Wed, 11 Mar 2020 09:42:01 -0700 Subject: [PATCH 042/144] PANW CVE assignments for advisories published March 11, 2020 --- 2020/1xxx/CVE-2020-1979.json | 137 +++++++++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1980.json | 137 +++++++++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1981.json | 137 +++++++++++++++++++++++++++++++++-- 3 files changed, 390 insertions(+), 21 deletions(-) diff --git a/2020/1xxx/CVE-2020-1979.json b/2020/1xxx/CVE-2020-1979.json index c6269eb8cd2..6569c81432d 100644 --- a/2020/1xxx/CVE-2020-1979.json +++ b/2020/1xxx/CVE-2020-1979.json @@ -1,18 +1,141 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@paloaltonetworks.com", + "DATE_PUBLIC": "2020-03-11T16:00:00.000Z", "ID": "CVE-2020-1979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PAN-OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "9.0", + "version_value": "9.0.0" + }, + { + "version_affected": "!>=", + "version_name": "7.1", + "version_value": "7.1.0" + }, + { + "version_affected": "!>=", + "version_name": "9.1", + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Palo Alto Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "N/A" + } + ], + "credit": [ + { + "lang": "eng", + "value": "This issue was found by a customer." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134 Use of Externally-Controlled Format String" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://security.paloaltonetworks.com/CVE-2020-1979" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions." + } + ], + "source": { + "defect": [ + "PAN-97584" + ], + "discovery": "USER" + }, + "timeline": [ + { + "lang": "eng", + "time": "2020-03-11T16:00:00.000Z", + "value": "Initial publication" + } + ], + "work_around": [ + { + "lang": "eng", + "value": "This issue affects the management interface of Panorama and is mitigated by following best practices for securing the Panorama management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access." + } + ] } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1980.json b/2020/1xxx/CVE-2020-1980.json index 14924704ac9..3d133c11022 100644 --- a/2020/1xxx/CVE-2020-1980.json +++ b/2020/1xxx/CVE-2020-1980.json @@ -1,18 +1,141 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@paloaltonetworks.com", + "DATE_PUBLIC": "2020-03-11T16:00:00.000Z", "ID": "CVE-2020-1980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PAN-OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "9.0", + "version_value": "9.0.0" + }, + { + "version_affected": "!>=", + "version_name": "9.1", + "version_value": "9.1.0" + }, + { + "version_affected": "!>=", + "version_name": "7.1", + "version_value": "7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Palo Alto Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "N/A" + } + ], + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered during an internal security review." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://security.paloaltonetworks.com/CVE-2020-1980" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This issue is fixed in PAN-OS 8.1.13, and all later versions." + } + ], + "source": { + "defect": [ + "PAN-102674" + ], + "discovery": "UNKNOWN" + }, + "timeline": [ + { + "lang": "eng", + "time": "2020-03-11T16:00:00.000Z", + "value": "Initial publication" + } + ], + "work_around": [ + { + "lang": "eng", + "value": "This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access." + } + ] } \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1981.json b/2020/1xxx/CVE-2020-1981.json index da2f0a85cbe..59ace2bd2fe 100644 --- a/2020/1xxx/CVE-2020-1981.json +++ b/2020/1xxx/CVE-2020-1981.json @@ -1,18 +1,141 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@paloaltonetworks.com", + "DATE_PUBLIC": "2020-03-11T16:00:00.000Z", "ID": "CVE-2020-1981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "PAN-OS: Predictable temporary filename vulnerability allows local privilege escalation" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PAN-OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "8.1", + "version_value": "8.1.13" + }, + { + "version_affected": "!>=", + "version_name": "7.1", + "version_value": "7.1.0" + }, + { + "version_affected": "!>=", + "version_name": "9.0", + "version_value": "9.0.0" + }, + { + "version_affected": "!>=", + "version_name": "9.1", + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Palo Alto Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "N/A" + } + ], + "credit": [ + { + "lang": "eng", + "value": "This issue was found during an internal security review." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.\nThis issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377 Insecure Temporary File" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://security.paloaltonetworks.com/CVE-2020-1981" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions." + } + ], + "source": { + "defect": [ + "PAN-103038" + ], + "discovery": "INTERNAL" + }, + "timeline": [ + { + "lang": "eng", + "time": "2020-03-11T16:00:00.000Z", + "value": "Initial publication" + } + ], + "work_around": [ + { + "lang": "eng", + "value": "This issue affects the management interface of PAN-OS and is mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 8.1 technical documentation, available at: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/best-practices-for-securing-administrative-access." + } + ] } \ No newline at end of file From 8fa5b66e3f47b016c30accdb38a05c381ea2eb43 Mon Sep 17 00:00:00 2001 From: PSIRT-NVIDIA Date: Wed, 11 Mar 2020 11:57:00 -0500 Subject: [PATCH 043/144] Update CVE-2020-5958.json CVE-2020-5958 --- 2020/5xxx/CVE-2020-5958.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2020/5xxx/CVE-2020-5958.json b/2020/5xxx/CVE-2020-5958.json index f116487dde6..c880687f7ab 100644 --- a/2020/5xxx/CVE-2020-5958.json +++ b/2020/5xxx/CVE-2020-5958.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure." + "value" : "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure." } ] }, From 7709168f0323b3eac338052f2d03200dfb8add3e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 17:01:13 +0000 Subject: [PATCH 044/144] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1753.json | 48 ++++++++++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12402.json | 10 +++++++ 2019/19xxx/CVE-2019-19880.json | 5 ++++ 2019/19xxx/CVE-2019-19923.json | 5 ++++ 2019/19xxx/CVE-2019-19925.json | 5 ++++ 2019/19xxx/CVE-2019-19926.json | 5 ++++ 2020/6xxx/CVE-2020-6381.json | 5 ++++ 2020/6xxx/CVE-2020-6382.json | 5 ++++ 2020/6xxx/CVE-2020-6383.json | 5 ++++ 2020/6xxx/CVE-2020-6384.json | 5 ++++ 2020/6xxx/CVE-2020-6385.json | 5 ++++ 2020/6xxx/CVE-2020-6386.json | 5 ++++ 2020/6xxx/CVE-2020-6387.json | 5 ++++ 2020/6xxx/CVE-2020-6388.json | 5 ++++ 2020/6xxx/CVE-2020-6389.json | 5 ++++ 2020/6xxx/CVE-2020-6390.json | 5 ++++ 2020/6xxx/CVE-2020-6391.json | 5 ++++ 2020/6xxx/CVE-2020-6392.json | 5 ++++ 2020/6xxx/CVE-2020-6393.json | 5 ++++ 2020/6xxx/CVE-2020-6394.json | 5 ++++ 2020/6xxx/CVE-2020-6395.json | 5 ++++ 2020/6xxx/CVE-2020-6396.json | 5 ++++ 2020/6xxx/CVE-2020-6397.json | 5 ++++ 2020/6xxx/CVE-2020-6398.json | 5 ++++ 2020/6xxx/CVE-2020-6399.json | 5 ++++ 2020/6xxx/CVE-2020-6400.json | 5 ++++ 2020/6xxx/CVE-2020-6401.json | 5 ++++ 2020/6xxx/CVE-2020-6402.json | 5 ++++ 2020/6xxx/CVE-2020-6403.json | 5 ++++ 2020/6xxx/CVE-2020-6404.json | 5 ++++ 2020/6xxx/CVE-2020-6405.json | 5 ++++ 2020/6xxx/CVE-2020-6406.json | 5 ++++ 2020/6xxx/CVE-2020-6407.json | 5 ++++ 2020/6xxx/CVE-2020-6408.json | 5 ++++ 2020/6xxx/CVE-2020-6409.json | 5 ++++ 2020/6xxx/CVE-2020-6410.json | 5 ++++ 2020/6xxx/CVE-2020-6411.json | 5 ++++ 2020/6xxx/CVE-2020-6412.json | 5 ++++ 2020/6xxx/CVE-2020-6413.json | 5 ++++ 2020/6xxx/CVE-2020-6414.json | 5 ++++ 2020/6xxx/CVE-2020-6415.json | 5 ++++ 2020/6xxx/CVE-2020-6416.json | 5 ++++ 2020/6xxx/CVE-2020-6418.json | 5 ++++ 2020/8xxx/CVE-2020-8540.json | 48 ++++++++++++++++++++++++++++++++-- 44 files changed, 307 insertions(+), 4 deletions(-) diff --git a/2013/1xxx/CVE-2013-1753.json b/2013/1xxx/CVE-2013-1753.json index 8fb8025d6ff..9964c97ad9d 100644 --- a/2013/1xxx/CVE-2013-1753.json +++ b/2013/1xxx/CVE-2013-1753.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1753", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugs.python.org/issue16043", + "url": "https://bugs.python.org/issue16043" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] } ] } diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 0a7fb41dd84..b96d843e770 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -98,6 +98,16 @@ "refsource": "MLIST", "name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/19xxx/CVE-2019-19880.json b/2019/19xxx/CVE-2019-19880.json index 0c5319133e6..db850c6cd33 100644 --- a/2019/19xxx/CVE-2019-19880.json +++ b/2019/19xxx/CVE-2019-19880.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] } diff --git a/2019/19xxx/CVE-2019-19923.json b/2019/19xxx/CVE-2019-19923.json index b641bdbf917..3025c725c99 100644 --- a/2019/19xxx/CVE-2019-19923.json +++ b/2019/19xxx/CVE-2019-19923.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] } diff --git a/2019/19xxx/CVE-2019-19925.json b/2019/19xxx/CVE-2019-19925.json index d2c9e6db0f2..ddd22a97112 100644 --- a/2019/19xxx/CVE-2019-19925.json +++ b/2019/19xxx/CVE-2019-19925.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] } diff --git a/2019/19xxx/CVE-2019-19926.json b/2019/19xxx/CVE-2019-19926.json index 726865a1864..f544133fc52 100644 --- a/2019/19xxx/CVE-2019-19926.json +++ b/2019/19xxx/CVE-2019-19926.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] } diff --git a/2020/6xxx/CVE-2020-6381.json b/2020/6xxx/CVE-2020-6381.json index 9c3c5a533ed..b6b0b1975f7 100644 --- a/2020/6xxx/CVE-2020-6381.json +++ b/2020/6xxx/CVE-2020-6381.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6382.json b/2020/6xxx/CVE-2020-6382.json index baba9071ef7..bbae1851f39 100644 --- a/2020/6xxx/CVE-2020-6382.json +++ b/2020/6xxx/CVE-2020-6382.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6383.json b/2020/6xxx/CVE-2020-6383.json index 80fb5470b33..42a3fc12abc 100644 --- a/2020/6xxx/CVE-2020-6383.json +++ b/2020/6xxx/CVE-2020-6383.json @@ -59,6 +59,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6384.json b/2020/6xxx/CVE-2020-6384.json index c4b39ac8368..36cb2cfb3a3 100644 --- a/2020/6xxx/CVE-2020-6384.json +++ b/2020/6xxx/CVE-2020-6384.json @@ -59,6 +59,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6385.json b/2020/6xxx/CVE-2020-6385.json index 250cdc47612..5d3fb3b7c3f 100644 --- a/2020/6xxx/CVE-2020-6385.json +++ b/2020/6xxx/CVE-2020-6385.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6386.json b/2020/6xxx/CVE-2020-6386.json index 2ee784db84c..af62f360d4c 100644 --- a/2020/6xxx/CVE-2020-6386.json +++ b/2020/6xxx/CVE-2020-6386.json @@ -59,6 +59,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6387.json b/2020/6xxx/CVE-2020-6387.json index 369270105f0..889298f8b74 100644 --- a/2020/6xxx/CVE-2020-6387.json +++ b/2020/6xxx/CVE-2020-6387.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6388.json b/2020/6xxx/CVE-2020-6388.json index e8af94abe57..ac409803b06 100644 --- a/2020/6xxx/CVE-2020-6388.json +++ b/2020/6xxx/CVE-2020-6388.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6389.json b/2020/6xxx/CVE-2020-6389.json index e27247bcd76..8512ff4cb77 100644 --- a/2020/6xxx/CVE-2020-6389.json +++ b/2020/6xxx/CVE-2020-6389.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6390.json b/2020/6xxx/CVE-2020-6390.json index 5334ca95ece..ad84c4e9053 100644 --- a/2020/6xxx/CVE-2020-6390.json +++ b/2020/6xxx/CVE-2020-6390.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6391.json b/2020/6xxx/CVE-2020-6391.json index ea9ec3a91f2..e0b5850cc38 100644 --- a/2020/6xxx/CVE-2020-6391.json +++ b/2020/6xxx/CVE-2020-6391.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6392.json b/2020/6xxx/CVE-2020-6392.json index c8e8d99306b..e0551e79516 100644 --- a/2020/6xxx/CVE-2020-6392.json +++ b/2020/6xxx/CVE-2020-6392.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6393.json b/2020/6xxx/CVE-2020-6393.json index 465d46ab382..48feed62997 100644 --- a/2020/6xxx/CVE-2020-6393.json +++ b/2020/6xxx/CVE-2020-6393.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6394.json b/2020/6xxx/CVE-2020-6394.json index 9b9624b74c0..e4b3fe16e5f 100644 --- a/2020/6xxx/CVE-2020-6394.json +++ b/2020/6xxx/CVE-2020-6394.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6395.json b/2020/6xxx/CVE-2020-6395.json index bb6d9d6bbb7..8d8951bb692 100644 --- a/2020/6xxx/CVE-2020-6395.json +++ b/2020/6xxx/CVE-2020-6395.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6396.json b/2020/6xxx/CVE-2020-6396.json index 7cc5e51f093..5798a13e92c 100644 --- a/2020/6xxx/CVE-2020-6396.json +++ b/2020/6xxx/CVE-2020-6396.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6397.json b/2020/6xxx/CVE-2020-6397.json index dd0ccfa52e4..a12f7d72c25 100644 --- a/2020/6xxx/CVE-2020-6397.json +++ b/2020/6xxx/CVE-2020-6397.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6398.json b/2020/6xxx/CVE-2020-6398.json index cdb14ecd173..abda2d25480 100644 --- a/2020/6xxx/CVE-2020-6398.json +++ b/2020/6xxx/CVE-2020-6398.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6399.json b/2020/6xxx/CVE-2020-6399.json index 215440f7123..5dc65138284 100644 --- a/2020/6xxx/CVE-2020-6399.json +++ b/2020/6xxx/CVE-2020-6399.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6400.json b/2020/6xxx/CVE-2020-6400.json index 6d80a4bf1fd..cdecb049b89 100644 --- a/2020/6xxx/CVE-2020-6400.json +++ b/2020/6xxx/CVE-2020-6400.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6401.json b/2020/6xxx/CVE-2020-6401.json index 6651a39743d..e37004bb8e1 100644 --- a/2020/6xxx/CVE-2020-6401.json +++ b/2020/6xxx/CVE-2020-6401.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6402.json b/2020/6xxx/CVE-2020-6402.json index cf2d85f17f1..228e7e8f0bd 100644 --- a/2020/6xxx/CVE-2020-6402.json +++ b/2020/6xxx/CVE-2020-6402.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6403.json b/2020/6xxx/CVE-2020-6403.json index 5a6d3450dc0..e2a17949914 100644 --- a/2020/6xxx/CVE-2020-6403.json +++ b/2020/6xxx/CVE-2020-6403.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6404.json b/2020/6xxx/CVE-2020-6404.json index aa4f78b08a6..4737f08b809 100644 --- a/2020/6xxx/CVE-2020-6404.json +++ b/2020/6xxx/CVE-2020-6404.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6405.json b/2020/6xxx/CVE-2020-6405.json index afbfc2aa238..a0f99c42529 100644 --- a/2020/6xxx/CVE-2020-6405.json +++ b/2020/6xxx/CVE-2020-6405.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6406.json b/2020/6xxx/CVE-2020-6406.json index 7cd0a386c43..7ad1fa20d44 100644 --- a/2020/6xxx/CVE-2020-6406.json +++ b/2020/6xxx/CVE-2020-6406.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6407.json b/2020/6xxx/CVE-2020-6407.json index 1cd7a42bf3c..55c04fca9f4 100644 --- a/2020/6xxx/CVE-2020-6407.json +++ b/2020/6xxx/CVE-2020-6407.json @@ -59,6 +59,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6408.json b/2020/6xxx/CVE-2020-6408.json index ab2542e8773..086c114cc84 100644 --- a/2020/6xxx/CVE-2020-6408.json +++ b/2020/6xxx/CVE-2020-6408.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6409.json b/2020/6xxx/CVE-2020-6409.json index 4b5f214f176..ad870905570 100644 --- a/2020/6xxx/CVE-2020-6409.json +++ b/2020/6xxx/CVE-2020-6409.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6410.json b/2020/6xxx/CVE-2020-6410.json index 4cc961ea695..f3bd3067246 100644 --- a/2020/6xxx/CVE-2020-6410.json +++ b/2020/6xxx/CVE-2020-6410.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6411.json b/2020/6xxx/CVE-2020-6411.json index 359c9e0bedd..ec828ca3f9e 100644 --- a/2020/6xxx/CVE-2020-6411.json +++ b/2020/6xxx/CVE-2020-6411.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6412.json b/2020/6xxx/CVE-2020-6412.json index b8b36c438aa..b4c586b21d7 100644 --- a/2020/6xxx/CVE-2020-6412.json +++ b/2020/6xxx/CVE-2020-6412.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6413.json b/2020/6xxx/CVE-2020-6413.json index 9cb25761862..7e78c79c1fa 100644 --- a/2020/6xxx/CVE-2020-6413.json +++ b/2020/6xxx/CVE-2020-6413.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6414.json b/2020/6xxx/CVE-2020-6414.json index 8e6c8f6b650..cfa9df14920 100644 --- a/2020/6xxx/CVE-2020-6414.json +++ b/2020/6xxx/CVE-2020-6414.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6415.json b/2020/6xxx/CVE-2020-6415.json index a2e8b525422..fd7d0a066c4 100644 --- a/2020/6xxx/CVE-2020-6415.json +++ b/2020/6xxx/CVE-2020-6415.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6416.json b/2020/6xxx/CVE-2020-6416.json index 3b8372c3d8c..4d15ef2d40e 100644 --- a/2020/6xxx/CVE-2020-6416.json +++ b/2020/6xxx/CVE-2020-6416.json @@ -69,6 +69,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0233", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/6xxx/CVE-2020-6418.json b/2020/6xxx/CVE-2020-6418.json index d6914253e04..51c3689aac4 100644 --- a/2020/6xxx/CVE-2020-6418.json +++ b/2020/6xxx/CVE-2020-6418.json @@ -64,6 +64,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0738", "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4638", + "url": "https://www.debian.org/security/2020/dsa-4638" } ] }, diff --git a/2020/8xxx/CVE-2020-8540.json b/2020/8xxx/CVE-2020-8540.json index f046b4cb88c..5fb4a21c03e 100644 --- a/2020/8xxx/CVE-2020-8540.json +++ b/2020/8xxx/CVE-2020-8540.json @@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2020-8540", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/xxe-vulnerability.html", + "url": "https://www.manageengine.com/products/desktop-central/xxe-vulnerability.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XML external entity (XXE) vulnerability iin Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request." } ] } From 2b9db594593f4ebcb843a1f31eab22ff23a0ec08 Mon Sep 17 00:00:00 2001 From: Guilherme de Almeida Suckevicz Date: Wed, 11 Mar 2020 14:04:00 -0300 Subject: [PATCH 045/144] CVE-2020-1733 init. --- 2020/1xxx/CVE-2020-1733.json | 70 ++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/2020/1xxx/CVE-2020-1733.json b/2020/1xxx/CVE-2020-1733.json index d9c1dc27e6a..39effce4cd0 100644 --- a/2020/1xxx/CVE-2020-1733.json +++ b/2020/1xxx/CVE-2020-1733.json @@ -4,15 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "gsuckevi@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "2.7.17 and prior" + }, + { + "version_value": "2.8.9 and prior" + }, + { + "version_value": "2.9.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67791", + "name": "https://github.com/ansible/ansible/issues/67791", + "refsource": "MISC" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with \"umask 77 && mkdir -p \"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc//cmdline'." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] } } \ No newline at end of file From eb950edb8ac78ecbd5f311b434418f2786f52530 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 19:01:23 +0000 Subject: [PATCH 046/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10064.json | 5 +++++ 2020/10xxx/CVE-2020-10232.json | 5 +++++ 2020/1xxx/CVE-2020-1733.json | 3 ++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/2019/10xxx/CVE-2019-10064.json b/2019/10xxx/CVE-2019-10064.json index 4ea31f79f90..7c05033ff7d 100644 --- a/2019/10xxx/CVE-2019-10064.json +++ b/2019/10xxx/CVE-2019-10064.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html", "url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html" } ] } diff --git a/2020/10xxx/CVE-2020-10232.json b/2020/10xxx/CVE-2020-10232.json index aa2f84cfe3a..b80ec3ba02a 100644 --- a/2020/10xxx/CVE-2020-10232.json +++ b/2020/10xxx/CVE-2020-10232.json @@ -56,6 +56,11 @@ "url": "https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1", "refsource": "MISC", "name": "https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2137-1] sleuthkit security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00011.html" } ] } diff --git a/2020/1xxx/CVE-2020-1733.json b/2020/1xxx/CVE-2020-1733.json index 39effce4cd0..0eebcc9c20e 100644 --- a/2020/1xxx/CVE-2020-1733.json +++ b/2020/1xxx/CVE-2020-1733.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1733", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { From 0d6513362a69dd923e26dd28fae77cc951e717c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 20:01:22 +0000 Subject: [PATCH 047/144] "-Synchronized-Data." --- 2016/1000xxx/CVE-2016-1000111.json | 63 ++++- 2019/17xxx/CVE-2019-17055.json | 5 + 2019/17xxx/CVE-2019-17133.json | 5 + 2019/3xxx/CVE-2019-3689.json | 5 + 2020/1xxx/CVE-2020-1979.json | 27 +-- 2020/1xxx/CVE-2020-1980.json | 27 +-- 2020/1xxx/CVE-2020-1981.json | 27 +-- 2020/9xxx/CVE-2020-9408.json | 370 ++++++++++++++--------------- 8 files changed, 288 insertions(+), 241 deletions(-) diff --git a/2016/1000xxx/CVE-2016-1000111.json b/2016/1000xxx/CVE-2016-1000111.json index bc922307094..f781be90aa0 100644 --- a/2016/1000xxx/CVE-2016-1000111.json +++ b/2016/1000xxx/CVE-2016-1000111.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000111", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2016/07/18/6", + "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6" + }, + { + "refsource": "CONFIRM", + "name": "https://twistedmatrix.com/trac/ticket/8623", + "url": "https://twistedmatrix.com/trac/ticket/8623" + }, + { + "refsource": "CONFIRM", + "name": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html", + "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html" } ] } diff --git a/2019/17xxx/CVE-2019-17055.json b/2019/17xxx/CVE-2019-17055.json index 171a303aae3..e3546699d73 100644 --- a/2019/17xxx/CVE-2019-17055.json +++ b/2019/17xxx/CVE-2019-17055.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0790", + "url": "https://access.redhat.com/errata/RHSA-2020:0790" } ] } diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json index 253a8c44805..6e9b5c91c04 100644 --- a/2019/17xxx/CVE-2019-17133.json +++ b/2019/17xxx/CVE-2019-17133.json @@ -161,6 +161,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0664", "url": "https://access.redhat.com/errata/RHSA-2020:0664" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0790", + "url": "https://access.redhat.com/errata/RHSA-2020:0790" } ] } diff --git a/2019/3xxx/CVE-2019-3689.json b/2019/3xxx/CVE-2019-3689.json index 3d010ac95a9..6d378f9088f 100644 --- a/2019/3xxx/CVE-2019-3689.json +++ b/2019/3xxx/CVE-2019-3689.json @@ -108,6 +108,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2435", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html" + }, + { + "refsource": "MISC", + "name": "https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e", + "url": "https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e" } ] }, diff --git a/2020/1xxx/CVE-2020-1979.json b/2020/1xxx/CVE-2020-1979.json index 6569c81432d..9aaf109fa90 100644 --- a/2020/1xxx/CVE-2020-1979.json +++ b/2020/1xxx/CVE-2020-1979.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Palo Alto Networks", "product": { "product_data": [ { @@ -17,36 +18,25 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 < 8.1.13" }, { - "version_affected": "!>=", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 !>= 8.1.13" }, { - "version_affected": "!>=", - "version_name": "9.0", - "version_value": "9.0.0" + "version_value": "9.0 !>= 9.0.0" }, { - "version_affected": "!>=", - "version_name": "7.1", - "version_value": "7.1.0" + "version_value": "7.1 !>= 7.1.0" }, { - "version_affected": "!>=", - "version_name": "9.1", - "version_value": "9.1.0" + "version_value": "9.1 !>= 9.1.0" } ] } } ] - }, - "vendor_name": "Palo Alto Networks" + } } ] } @@ -70,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." + "value": "A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13 on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13 and all later PAN-OS 8.1 versions." } ] }, @@ -109,6 +99,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://security.paloaltonetworks.com/CVE-2020-1979", "url": "https://security.paloaltonetworks.com/CVE-2020-1979" } ] diff --git a/2020/1xxx/CVE-2020-1980.json b/2020/1xxx/CVE-2020-1980.json index 3d133c11022..a6dc2c4a374 100644 --- a/2020/1xxx/CVE-2020-1980.json +++ b/2020/1xxx/CVE-2020-1980.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Palo Alto Networks", "product": { "product_data": [ { @@ -17,36 +18,25 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 < 8.1.13" }, { - "version_affected": "!>=", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 !>= 8.1.13" }, { - "version_affected": "!>=", - "version_name": "9.0", - "version_value": "9.0.0" + "version_value": "9.0 !>= 9.0.0" }, { - "version_affected": "!>=", - "version_name": "9.1", - "version_value": "9.1.0" + "version_value": "7.1 !>= 7.1.0" }, { - "version_affected": "!>=", - "version_name": "7.1", - "version_value": "7.1.0" + "version_value": "9.1 !>= 9.1.0" } ] } } ] - }, - "vendor_name": "Palo Alto Networks" + } } ] } @@ -70,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." + "value": "A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions." } ] }, @@ -109,6 +99,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://security.paloaltonetworks.com/CVE-2020-1980", "url": "https://security.paloaltonetworks.com/CVE-2020-1980" } ] diff --git a/2020/1xxx/CVE-2020-1981.json b/2020/1xxx/CVE-2020-1981.json index 59ace2bd2fe..5924b607eea 100644 --- a/2020/1xxx/CVE-2020-1981.json +++ b/2020/1xxx/CVE-2020-1981.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "Palo Alto Networks", "product": { "product_data": [ { @@ -17,36 +18,25 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 < 8.1.13" }, { - "version_affected": "!>=", - "version_name": "8.1", - "version_value": "8.1.13" + "version_value": "8.1 !>= 8.1.13" }, { - "version_affected": "!>=", - "version_name": "7.1", - "version_value": "7.1.0" + "version_value": "9.0 !>= 9.0.0" }, { - "version_affected": "!>=", - "version_name": "9.0", - "version_value": "9.0.0" + "version_value": "7.1 !>= 7.1.0" }, { - "version_affected": "!>=", - "version_name": "9.1", - "version_value": "9.1.0" + "version_value": "9.1 !>= 9.1.0" } ] } } ] - }, - "vendor_name": "Palo Alto Networks" + } } ] } @@ -70,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation.\nThis issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance.\nThis issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.\nThis issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." + "value": "A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions." } ] }, @@ -109,6 +99,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://security.paloaltonetworks.com/CVE-2020-1981", "url": "https://security.paloaltonetworks.com/CVE-2020-1981" } ] diff --git a/2020/9xxx/CVE-2020-9408.json b/2020/9xxx/CVE-2020-9408.json index a627c384b6e..9881ceb01dd 100644 --- a/2020/9xxx/CVE-2020-9408.json +++ b/2020/9xxx/CVE-2020-9408.json @@ -1,186 +1,186 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2020-03-11T17:00:00Z", - "ID": "CVE-2020-9408", - "STATE": "PUBLIC", - "TITLE": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "10.8.0" - } - ] - } - }, - { - "product_name": "TIBCO Spotfire Server", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "7.11.9" - }, - { - "version_affected": "=", - "version_value": "7.12.0" - }, - { - "version_affected": "=", - "version_value": "7.13.0" - }, - { - "version_affected": "=", - "version_value": "7.14.0" - }, - { - "version_affected": "=", - "version_value": "10.0.0" - }, - { - "version_affected": "=", - "version_value": "10.0.1" - }, - { - "version_affected": "=", - "version_value": "10.1.0" - }, - { - "version_affected": "=", - "version_value": "10.2.0" - }, - { - "version_affected": "=", - "version_value": "10.3.0" - }, - { - "version_affected": "=", - "version_value": "10.3.1" - }, - { - "version_affected": "=", - "version_value": "10.3.2" - }, - { - "version_affected": "=", - "version_value": "10.3.3" - }, - { - "version_affected": "=", - "version_value": "10.3.4" - }, - { - "version_affected": "=", - "version_value": "10.3.5" - }, - { - "version_affected": "=", - "version_value": "10.3.6" - }, - { - "version_affected": "=", - "version_value": "10.4.0" - }, - { - "version_affected": "=", - "version_value": "10.5.0" - }, - { - "version_affected": "=", - "version_value": "10.6.0" - }, - { - "version_affected": "=", - "version_value": "10.6.1" - }, - { - "version_affected": "=", - "version_value": "10.7.0" - }, - { - "version_affected": "=", - "version_value": "10.8.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.9, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - }, - { - "name": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server", - "refsource": "CONFIRM", - "url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher" - } - ], - "source": { - "discovery": "INTERNAL" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2020-03-11T17:00:00Z", + "ID": "CVE-2020-9408", + "STATE": "PUBLIC", + "TITLE": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "10.8.0" + } + ] + } + }, + { + "product_name": "TIBCO Spotfire Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.11.9" + }, + { + "version_affected": "=", + "version_value": "7.12.0" + }, + { + "version_affected": "=", + "version_value": "7.13.0" + }, + { + "version_affected": "=", + "version_value": "7.14.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "10.0.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.2.0" + }, + { + "version_affected": "=", + "version_value": "10.3.0" + }, + { + "version_affected": "=", + "version_value": "10.3.1" + }, + { + "version_affected": "=", + "version_value": "10.3.2" + }, + { + "version_affected": "=", + "version_value": "10.3.3" + }, + { + "version_affected": "=", + "version_value": "10.3.4" + }, + { + "version_affected": "=", + "version_value": "10.3.5" + }, + { + "version_affected": "=", + "version_value": "10.3.6" + }, + { + "version_affected": "=", + "version_value": "10.4.0" + }, + { + "version_affected": "=", + "version_value": "10.5.0" + }, + { + "version_affected": "=", + "version_value": "10.6.0" + }, + { + "version_affected": "=", + "version_value": "10.6.1" + }, + { + "version_affected": "=", + "version_value": "10.7.0" + }, + { + "version_affected": "=", + "version_value": "10.8.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher" + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file From 8dde0bef00a73b6f85171ae558596decb649332d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 21:01:14 +0000 Subject: [PATCH 048/144] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1947.json | 53 ++++++++++++++++++++++++++++++++++-- 2020/5xxx/CVE-2020-5258.json | 5 ++++ 2020/5xxx/CVE-2020-5259.json | 5 ++++ 3 files changed, 60 insertions(+), 3 deletions(-) diff --git a/2020/1xxx/CVE-2020-1947.json b/2020/1xxx/CVE-2020-1947.json index e0b7ec3d4ba..f89833af8d7 100644 --- a/2020/1xxx/CVE-2020-1947.json +++ b/2020/1xxx/CVE-2020-1947.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache ShardingSphere(incubator)", + "version": { + "version_data": [ + { + "version_value": "4.0.0-RC3" + }, + { + "version_value": "4.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/r4a61a24c119bd820da6fb02100d286f8aae55c8f9b94a346b9bb27d8%40%3Cdev.shardingsphere.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r4a61a24c119bd820da6fb02100d286f8aae55c8f9b94a346b9bb27d8%40%3Cdev.shardingsphere.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security flaws of RCE." } ] } diff --git a/2020/5xxx/CVE-2020-5258.json b/2020/5xxx/CVE-2020-5258.json index 3f8b90c2cd7..1cad6f59157 100644 --- a/2020/5xxx/CVE-2020-5258.json +++ b/2020/5xxx/CVE-2020-5258.json @@ -90,6 +90,11 @@ "name": "https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d", "refsource": "MISC", "url": "https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2139-1] dojo security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5259.json b/2020/5xxx/CVE-2020-5259.json index 77ac9b5ec7d..161e2ef644a 100644 --- a/2020/5xxx/CVE-2020-5259.json +++ b/2020/5xxx/CVE-2020-5259.json @@ -93,6 +93,11 @@ "name": "https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da", "refsource": "MISC", "url": "https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2139-1] dojo security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html" } ] }, From ec33dc3705056beafb07f584965508b03d98d33e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 22:01:20 +0000 Subject: [PATCH 049/144] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5958.json | 120 ++++++++++++++++++----------------- 2020/7xxx/CVE-2020-7598.json | 50 ++++++++++++++- 2020/7xxx/CVE-2020-7943.json | 79 ++++++++++++++++++++++- 2020/8xxx/CVE-2020-8540.json | 2 +- 2020/8xxx/CVE-2020-8768.json | 5 ++ 5 files changed, 190 insertions(+), 66 deletions(-) diff --git a/2020/5xxx/CVE-2020-5958.json b/2020/5xxx/CVE-2020-5958.json index c880687f7ab..2f37b2e3586 100644 --- a/2020/5xxx/CVE-2020-5958.json +++ b/2020/5xxx/CVE-2020-5958.json @@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2020-5958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Display Driver ", - "version" : { - "version_data" : [ - { - "version_value" : "ALL" - } - ] - } - } - ] - }, - "vendor_name" : "NVIDIA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "code execution, denial of service or escalation of privileges." - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2020-5958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Display Driver ", + "version": { + "version_data": [ + { + "version_value": "ALL" + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution, denial of service or escalation of privileges." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7598.json b/2020/7xxx/CVE-2020-7598.json index 2881e004a15..b3f7f557f37 100644 --- a/2020/7xxx/CVE-2020-7598.json +++ b/2020/7xxx/CVE-2020-7598.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "minimist", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", + "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a \"constructor\" or \"__proto__\" payload." } ] } diff --git a/2020/7xxx/CVE-2020-7943.json b/2020/7xxx/CVE-2020-7943.json index 55446399ed4..d31dd3828b6 100644 --- a/2020/7xxx/CVE-2020-7943.json +++ b/2020/7xxx/CVE-2020-7943.json @@ -4,14 +4,87 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Puppet", + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise", + "version": { + "version_data": [ + { + "version_value": "2018.1.x stream prior to 2018.1.13" + }, + { + "version_value": "prior to 2019.4.0" + } + ] + } + }, + { + "product_name": "Puppet Server", + "version": { + "version_data": [ + { + "version_value": "prior to 6.9.1" + }, + { + "version_value": "prior to 5.3.12" + } + ] + } + }, + { + "product_name": "PuppetDB", + "version": { + "version_data": [ + { + "version_value": "prior to 6.9.1" + }, + { + "version_value": "prior to 5.2.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://puppet.com/security/cve/CVE-2020-7943/", + "url": "https://puppet.com/security/cve/CVE-2020-7943/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.4.0, Puppet Server 6.9.1 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects Puppet Enterprise 2018.1.x stream prior to 2018.1.13, and prior to 2019.4.0; Puppet Server prior to 6.9.1, and prior to 5.3.12; PuppetDB prior to 6.9.1, and prior to 5.2.13." } ] } diff --git a/2020/8xxx/CVE-2020-8540.json b/2020/8xxx/CVE-2020-8540.json index 5fb4a21c03e..e5760e2e346 100644 --- a/2020/8xxx/CVE-2020-8540.json +++ b/2020/8xxx/CVE-2020-8540.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "An XML external entity (XXE) vulnerability iin Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request." + "value": "An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request." } ] } diff --git a/2020/8xxx/CVE-2020-8768.json b/2020/8xxx/CVE-2020-8768.json index 644b0ff4cae..076bfefe050 100644 --- a/2020/8xxx/CVE-2020-8768.json +++ b/2020/8xxx/CVE-2020-8768.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://cert.vde.com/de-de/advisories/vde-2020-001", "url": "https://cert.vde.com/de-de/advisories/vde-2020-001" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-063-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-02" } ] } From a8e611ac1c993bc4f271492611b29d4bb3d85c6c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Mar 2020 23:01:12 +0000 Subject: [PATCH 050/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10808.json | 55 ++++++++++++++++++++++++++++++-- 2019/5xxx/CVE-2019-5172.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5173.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5174.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5175.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5182.json | 58 ++++++++++++++++++++++++++++++---- 6 files changed, 307 insertions(+), 38 deletions(-) diff --git a/2019/10xxx/CVE-2019-10808.json b/2019/10xxx/CVE-2019-10808.json index fbcedf189cc..a24f06ba574 100644 --- a/2019/10xxx/CVE-2019-10808.json +++ b/2019/10xxx/CVE-2019-10808.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "utilitify", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1,", + "url": "https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1," + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497", + "url": "https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype." } ] } diff --git a/2019/5xxx/CVE-2019-5172.json b/2019/5xxx/CVE-2019-5172.json index c881f21cb6a..72a0d08315e 100644 --- a/2019/5xxx/CVE-2019-5172.json +++ b/2019/5xxx/CVE-2019-5172.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5172", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5172", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d= using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file." } ] } diff --git a/2019/5xxx/CVE-2019-5173.json b/2019/5xxx/CVE-2019-5173.json index e6eb2773466..ba18752c134 100644 --- a/2019/5xxx/CVE-2019-5173.json +++ b/2019/5xxx/CVE-2019-5173.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5173", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5173", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state= using sprintf(). This command is later executed via a call to system()." } ] } diff --git a/2019/5xxx/CVE-2019-5174.json b/2019/5xxx/CVE-2019-5174.json index 61df6d83d84..8e3e64fea5d 100644 --- a/2019/5xxx/CVE-2019-5174.json +++ b/2019/5xxx/CVE-2019-5174.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5174", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5174", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200 Firmware", + "version": { + "version_data": [ + { + "version_value": "version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask= using sprintf(). This command is later executed via a call to system()." } ] } diff --git a/2019/5xxx/CVE-2019-5175.json b/2019/5xxx/CVE-2019-5175.json index 288c74954a8..9b12a4e2441 100644 --- a/2019/5xxx/CVE-2019-5175.json +++ b/2019/5xxx/CVE-2019-5175.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5175", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5175", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type= using sprintf(). This command is later executed via a call to system()." } ] } diff --git a/2019/5xxx/CVE-2019-5182.json b/2019/5xxx/CVE-2019-5182.json index 1a1bac6d7e9..9f0dab1e7b3 100644 --- a/2019/5xxx/CVE-2019-5182.json +++ b/2019/5xxx/CVE-2019-5182.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5182", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5182", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=\u2018) in length. A type value of length 0x3d9 will cause the service to crash." } ] } From eafddbac499abd97a67f82fcf1af6b151f7829ed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 00:01:14 +0000 Subject: [PATCH 051/144] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14615.json | 5 +++ 2019/15xxx/CVE-2019-15217.json | 5 +++ 2019/15xxx/CVE-2019-15220.json | 5 +++ 2019/15xxx/CVE-2019-15221.json | 5 +++ 2019/17xxx/CVE-2019-17351.json | 5 +++ 2019/19xxx/CVE-2019-19051.json | 5 +++ 2019/19xxx/CVE-2019-19056.json | 5 +++ 2019/19xxx/CVE-2019-19066.json | 5 +++ 2019/19xxx/CVE-2019-19068.json | 5 +++ 2019/19xxx/CVE-2019-19965.json | 5 +++ 2019/20xxx/CVE-2019-20096.json | 5 +++ 2019/20xxx/CVE-2019-20503.json | 5 +++ 2019/5xxx/CVE-2019-5108.json | 5 +++ 2019/5xxx/CVE-2019-5169.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5170.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5171.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5176.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5177.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5178.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5179.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5180.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5181.json | 58 ++++++++++++++++++++++++++++++---- 2020/6xxx/CVE-2020-6796.json | 5 +++ 2020/6xxx/CVE-2020-6798.json | 5 +++ 2020/6xxx/CVE-2020-6800.json | 5 +++ 2020/6xxx/CVE-2020-6801.json | 5 +++ 26 files changed, 544 insertions(+), 63 deletions(-) diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json index 7c3fc6e7d51..20c1984ab8c 100644 --- a/2019/14xxx/CVE-2019-14615.json +++ b/2019/14xxx/CVE-2019-14615.json @@ -118,6 +118,11 @@ "refsource": "UBUNTU", "name": "USN-4284-1", "url": "https://usn.ubuntu.com/4284-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] }, diff --git a/2019/15xxx/CVE-2019-15217.json b/2019/15xxx/CVE-2019-15217.json index deacf91bf4d..e3cb20df69d 100644 --- a/2019/15xxx/CVE-2019-15217.json +++ b/2019/15xxx/CVE-2019-15217.json @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/15xxx/CVE-2019-15220.json b/2019/15xxx/CVE-2019-15220.json index 849ee5226c7..f4531284bfc 100644 --- a/2019/15xxx/CVE-2019-15220.json +++ b/2019/15xxx/CVE-2019-15220.json @@ -121,6 +121,11 @@ "refsource": "UBUNTU", "name": "USN-4286-2", "url": "https://usn.ubuntu.com/4286-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/15xxx/CVE-2019-15221.json b/2019/15xxx/CVE-2019-15221.json index 5d9207718ba..a4a46522fb5 100644 --- a/2019/15xxx/CVE-2019-15221.json +++ b/2019/15xxx/CVE-2019-15221.json @@ -121,6 +121,11 @@ "refsource": "UBUNTU", "name": "USN-4286-2", "url": "https://usn.ubuntu.com/4286-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/17xxx/CVE-2019-17351.json b/2019/17xxx/CVE-2019-17351.json index 496dc8630a7..9172f6cf4b2 100644 --- a/2019/17xxx/CVE-2019-17351.json +++ b/2019/17xxx/CVE-2019-17351.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4286-2", "url": "https://usn.ubuntu.com/4286-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json index 832f5386726..ed6beb7caab 100644 --- a/2019/19xxx/CVE-2019-19051.json +++ b/2019/19xxx/CVE-2019-19051.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19056.json b/2019/19xxx/CVE-2019-19056.json index 2db085337aa..585a5296e6a 100644 --- a/2019/19xxx/CVE-2019-19056.json +++ b/2019/19xxx/CVE-2019-19056.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19066.json b/2019/19xxx/CVE-2019-19066.json index 2abbf2e3080..6cbc62ecf4a 100644 --- a/2019/19xxx/CVE-2019-19066.json +++ b/2019/19xxx/CVE-2019-19066.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19068.json b/2019/19xxx/CVE-2019-19068.json index 3db604c24e4..ca02eb1c8a6 100644 --- a/2019/19xxx/CVE-2019-19068.json +++ b/2019/19xxx/CVE-2019-19068.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json index 5ba10b16cb3..ff4aea951ca 100644 --- a/2019/19xxx/CVE-2019-19965.json +++ b/2019/19xxx/CVE-2019-19965.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4284-1", "url": "https://usn.ubuntu.com/4284-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/20xxx/CVE-2019-20096.json b/2019/20xxx/CVE-2019-20096.json index 66a5f32f360..98751c06e91 100644 --- a/2019/20xxx/CVE-2019-20096.json +++ b/2019/20xxx/CVE-2019-20096.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] } diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index ba11551726f..cfed79b9278 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -61,6 +61,11 @@ "url": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467", "refsource": "MISC", "name": "https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2140-1] firefox-esr security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html" } ] } diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index 743ead4119a..12ca1c0e0af 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -83,6 +83,11 @@ "refsource": "UBUNTU", "name": "USN-4287-2", "url": "https://usn.ubuntu.com/4287-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-1", + "url": "https://usn.ubuntu.com/4286-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5169.json b/2019/5xxx/CVE-2019-5169.json index 16233330176..a801004353b 100644 --- a/2019/5xxx/CVE-2019-5169.json +++ b/2019/5xxx/CVE-2019-5169.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5169", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5169", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value= using sprintf(). This command is later executed via a call to system()." } ] } diff --git a/2019/5xxx/CVE-2019-5170.json b/2019/5xxx/CVE-2019-5170.json index b08bf443454..c2d2cf1f60f 100644 --- a/2019/5xxx/CVE-2019-5170.json +++ b/2019/5xxx/CVE-2019-5170.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5170", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5170", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname= using sprintf(). This command is later executed via a call to system()." } ] } diff --git a/2019/5xxx/CVE-2019-5171.json b/2019/5xxx/CVE-2019-5171.json index 2214ac25144..abcfbdc0996 100644 --- a/2019/5xxx/CVE-2019-5171.json +++ b/2019/5xxx/CVE-2019-5171.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5171", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5171", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0962" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable command injection vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 function of the WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address= using sprintf()." } ] } diff --git a/2019/5xxx/CVE-2019-5176.json b/2019/5xxx/CVE-2019-5176.json index 72132842eaa..b1dde8d9ca5 100644 --- a/2019/5xxx/CVE-2019-5176.json +++ b/2019/5xxx/CVE-2019-5176.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5176", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5176", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(\u2018/etc/config-tools/config_default_gateway number=0 state=enabled value=\u2018) in length. A gateway value of length 0x7e2 will cause the service to crash." } ] } diff --git a/2019/5xxx/CVE-2019-5177.json b/2019/5xxx/CVE-2019-5177.json index b51d10205e3..9bd8eed255d 100644 --- a/2019/5xxx/CVE-2019-5177.json +++ b/2019/5xxx/CVE-2019-5177.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5177", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5177", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(\u2018/etc/config-tools/edit_dns_server domain-name=\u2018) in length. A domainname value of length 0x3fa will cause the service to crash." } ] } diff --git a/2019/5xxx/CVE-2019-5178.json b/2019/5xxx/CVE-2019-5178.json index 37aa91faa68..140d75499e7 100644 --- a/2019/5xxx/CVE-2019-5178.json +++ b/2019/5xxx/CVE-2019-5178.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5178", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5178", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(\u2018/etc/config-tools/change_hostname hostname=\u2018) in length. A hostname value of length 0x3fd will cause the service to crash." } ] } diff --git a/2019/5xxx/CVE-2019-5179.json b/2019/5xxx/CVE-2019-5179.json index 1b0761fbc8d..f1f5250d2d7 100644 --- a/2019/5xxx/CVE-2019-5179.json +++ b/2019/5xxx/CVE-2019-5179.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5179", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5179", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file." } ] } diff --git a/2019/5xxx/CVE-2019-5180.json b/2019/5xxx/CVE-2019-5180.json index 5e0940d2a11..468bb61e759 100644 --- a/2019/5xxx/CVE-2019-5180.json +++ b/2019/5xxx/CVE-2019-5180.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5180", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5180", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=\u2018) in length. A ip value of length 0x3da will cause the service to crash." } ] } diff --git a/2019/5xxx/CVE-2019-5181.json b/2019/5xxx/CVE-2019-5181.json index 3adb90233a6..aa98e6a03e6 100644 --- a/2019/5xxx/CVE-2019-5181.json +++ b/2019/5xxx/CVE-2019-5181.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5181", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5181", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wago", + "product": { + "product_data": [ + { + "product_name": "WAGO PFC200", + "version": { + "version_data": [ + { + "version_value": "Firmware version 03.02.02(14)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0963" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service \u2018I/O-Check\u2019 functionality of WAGO PFC 200 Firmware version 03.02.02(14). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(\u2018/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=\u2018) in length. A subnetmask value of length 0x3d9 will cause the service to crash." } ] } diff --git a/2020/6xxx/CVE-2020-6796.json b/2020/6xxx/CVE-2020-6796.json index 704881974e8..41ec254bd53 100644 --- a/2020/6xxx/CVE-2020-6796.json +++ b/2020/6xxx/CVE-2020-6796.json @@ -63,6 +63,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1610426", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1610426" + }, + { + "refsource": "UBUNTU", + "name": "USN-4278-2", + "url": "https://usn.ubuntu.com/4278-2/" } ] }, diff --git a/2020/6xxx/CVE-2020-6798.json b/2020/6xxx/CVE-2020-6798.json index a8a28e761ef..3610b1999a0 100644 --- a/2020/6xxx/CVE-2020-6798.json +++ b/2020/6xxx/CVE-2020-6798.json @@ -79,6 +79,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1602944", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1602944" + }, + { + "refsource": "UBUNTU", + "name": "USN-4278-2", + "url": "https://usn.ubuntu.com/4278-2/" } ] }, diff --git a/2020/6xxx/CVE-2020-6800.json b/2020/6xxx/CVE-2020-6800.json index c54bf83a72a..1171ecbdb78 100644 --- a/2020/6xxx/CVE-2020-6800.json +++ b/2020/6xxx/CVE-2020-6800.json @@ -79,6 +79,11 @@ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777" + }, + { + "refsource": "UBUNTU", + "name": "USN-4278-2", + "url": "https://usn.ubuntu.com/4278-2/" } ] }, diff --git a/2020/6xxx/CVE-2020-6801.json b/2020/6xxx/CVE-2020-6801.json index 2a03a04744f..bd5ee88c0f9 100644 --- a/2020/6xxx/CVE-2020-6801.json +++ b/2020/6xxx/CVE-2020-6801.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492" + }, + { + "refsource": "UBUNTU", + "name": "USN-4278-2", + "url": "https://usn.ubuntu.com/4278-2/" } ] }, From 986d3ab0ea82bdd25eaa357371713a0576eac606 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 01:01:12 +0000 Subject: [PATCH 052/144] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18874.json | 5 +++++ 2020/8xxx/CVE-2020-8597.json | 5 +++++ 2020/8xxx/CVE-2020-8813.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2019/18xxx/CVE-2019-18874.json b/2019/18xxx/CVE-2019-18874.json index 6a26219b9d7..c62c0584ad4 100644 --- a/2019/18xxx/CVE-2019-18874.json +++ b/2019/18xxx/CVE-2019-18874.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-a06ebafad8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-021fb887ac", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG/" } ] } diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json index 945a1d1385b..64af270384d 100644 --- a/2020/8xxx/CVE-2020-8597.json +++ b/2020/8xxx/CVE-2020-8597.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://www.synology.com/security/advisory/Synology_SA_20_02", "url": "https://www.synology.com/security/advisory/Synology_SA_20_02" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4304397fe0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/" } ] } diff --git a/2020/8xxx/CVE-2020-8813.json b/2020/8xxx/CVE-2020-8813.json index e6fe4b4aae7..e49e5141649 100644 --- a/2020/8xxx/CVE-2020-8813.json +++ b/2020/8xxx/CVE-2020-8813.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-552e4e7879", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M77SS33IDVNGBU566TK2XVULPW3RXUQ4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-10fe60d68b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEMDQXDRNQYXOME7TACKDVCXZXZNGZE2/" } ] } From a69367cf84e21dc9574bc1956a38d3fe7f7e97da Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 07:01:09 +0000 Subject: [PATCH 053/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10401.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10402.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10403.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10404.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10405.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10406.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10407.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10408.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10409.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10410.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10411.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10412.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10413.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10414.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10415.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10416.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10417.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10418.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10419.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10420.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10421.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10422.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10423.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10424.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10425.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10426.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10427.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10428.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10429.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10430.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10431.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10432.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10433.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10434.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10435.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10436.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10437.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10438.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10439.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10440.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10441.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10442.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10443.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10444.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10445.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10446.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10447.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10448.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10449.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10450.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10451.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10452.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10453.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10454.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10455.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10456.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10457.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10458.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10459.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10460.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10461.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10462.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10463.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10464.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10465.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10466.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10467.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10468.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10469.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10470.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10471.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10472.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10473.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10474.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10475.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10476.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10477.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10478.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10479.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10480.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10481.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10482.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10483.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10484.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10485.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10486.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10487.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10488.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10489.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10490.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10491.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10492.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10493.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10494.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10495.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10496.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10497.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10498.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10499.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10500.json | 18 ++++++++++++++++++ 100 files changed, 1800 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10401.json create mode 100644 2020/10xxx/CVE-2020-10402.json create mode 100644 2020/10xxx/CVE-2020-10403.json create mode 100644 2020/10xxx/CVE-2020-10404.json create mode 100644 2020/10xxx/CVE-2020-10405.json create mode 100644 2020/10xxx/CVE-2020-10406.json create mode 100644 2020/10xxx/CVE-2020-10407.json create mode 100644 2020/10xxx/CVE-2020-10408.json create mode 100644 2020/10xxx/CVE-2020-10409.json create mode 100644 2020/10xxx/CVE-2020-10410.json create mode 100644 2020/10xxx/CVE-2020-10411.json create mode 100644 2020/10xxx/CVE-2020-10412.json create mode 100644 2020/10xxx/CVE-2020-10413.json create mode 100644 2020/10xxx/CVE-2020-10414.json create mode 100644 2020/10xxx/CVE-2020-10415.json create mode 100644 2020/10xxx/CVE-2020-10416.json create mode 100644 2020/10xxx/CVE-2020-10417.json create mode 100644 2020/10xxx/CVE-2020-10418.json create mode 100644 2020/10xxx/CVE-2020-10419.json create mode 100644 2020/10xxx/CVE-2020-10420.json create mode 100644 2020/10xxx/CVE-2020-10421.json create mode 100644 2020/10xxx/CVE-2020-10422.json create mode 100644 2020/10xxx/CVE-2020-10423.json create mode 100644 2020/10xxx/CVE-2020-10424.json create mode 100644 2020/10xxx/CVE-2020-10425.json create mode 100644 2020/10xxx/CVE-2020-10426.json create mode 100644 2020/10xxx/CVE-2020-10427.json create mode 100644 2020/10xxx/CVE-2020-10428.json create mode 100644 2020/10xxx/CVE-2020-10429.json create mode 100644 2020/10xxx/CVE-2020-10430.json create mode 100644 2020/10xxx/CVE-2020-10431.json create mode 100644 2020/10xxx/CVE-2020-10432.json create mode 100644 2020/10xxx/CVE-2020-10433.json create mode 100644 2020/10xxx/CVE-2020-10434.json create mode 100644 2020/10xxx/CVE-2020-10435.json create mode 100644 2020/10xxx/CVE-2020-10436.json create mode 100644 2020/10xxx/CVE-2020-10437.json create mode 100644 2020/10xxx/CVE-2020-10438.json create mode 100644 2020/10xxx/CVE-2020-10439.json create mode 100644 2020/10xxx/CVE-2020-10440.json create mode 100644 2020/10xxx/CVE-2020-10441.json create mode 100644 2020/10xxx/CVE-2020-10442.json create mode 100644 2020/10xxx/CVE-2020-10443.json create mode 100644 2020/10xxx/CVE-2020-10444.json create mode 100644 2020/10xxx/CVE-2020-10445.json create mode 100644 2020/10xxx/CVE-2020-10446.json create mode 100644 2020/10xxx/CVE-2020-10447.json create mode 100644 2020/10xxx/CVE-2020-10448.json create mode 100644 2020/10xxx/CVE-2020-10449.json create mode 100644 2020/10xxx/CVE-2020-10450.json create mode 100644 2020/10xxx/CVE-2020-10451.json create mode 100644 2020/10xxx/CVE-2020-10452.json create mode 100644 2020/10xxx/CVE-2020-10453.json create mode 100644 2020/10xxx/CVE-2020-10454.json create mode 100644 2020/10xxx/CVE-2020-10455.json create mode 100644 2020/10xxx/CVE-2020-10456.json create mode 100644 2020/10xxx/CVE-2020-10457.json create mode 100644 2020/10xxx/CVE-2020-10458.json create mode 100644 2020/10xxx/CVE-2020-10459.json create mode 100644 2020/10xxx/CVE-2020-10460.json create mode 100644 2020/10xxx/CVE-2020-10461.json create mode 100644 2020/10xxx/CVE-2020-10462.json create mode 100644 2020/10xxx/CVE-2020-10463.json create mode 100644 2020/10xxx/CVE-2020-10464.json create mode 100644 2020/10xxx/CVE-2020-10465.json create mode 100644 2020/10xxx/CVE-2020-10466.json create mode 100644 2020/10xxx/CVE-2020-10467.json create mode 100644 2020/10xxx/CVE-2020-10468.json create mode 100644 2020/10xxx/CVE-2020-10469.json create mode 100644 2020/10xxx/CVE-2020-10470.json create mode 100644 2020/10xxx/CVE-2020-10471.json create mode 100644 2020/10xxx/CVE-2020-10472.json create mode 100644 2020/10xxx/CVE-2020-10473.json create mode 100644 2020/10xxx/CVE-2020-10474.json create mode 100644 2020/10xxx/CVE-2020-10475.json create mode 100644 2020/10xxx/CVE-2020-10476.json create mode 100644 2020/10xxx/CVE-2020-10477.json create mode 100644 2020/10xxx/CVE-2020-10478.json create mode 100644 2020/10xxx/CVE-2020-10479.json create mode 100644 2020/10xxx/CVE-2020-10480.json create mode 100644 2020/10xxx/CVE-2020-10481.json create mode 100644 2020/10xxx/CVE-2020-10482.json create mode 100644 2020/10xxx/CVE-2020-10483.json create mode 100644 2020/10xxx/CVE-2020-10484.json create mode 100644 2020/10xxx/CVE-2020-10485.json create mode 100644 2020/10xxx/CVE-2020-10486.json create mode 100644 2020/10xxx/CVE-2020-10487.json create mode 100644 2020/10xxx/CVE-2020-10488.json create mode 100644 2020/10xxx/CVE-2020-10489.json create mode 100644 2020/10xxx/CVE-2020-10490.json create mode 100644 2020/10xxx/CVE-2020-10491.json create mode 100644 2020/10xxx/CVE-2020-10492.json create mode 100644 2020/10xxx/CVE-2020-10493.json create mode 100644 2020/10xxx/CVE-2020-10494.json create mode 100644 2020/10xxx/CVE-2020-10495.json create mode 100644 2020/10xxx/CVE-2020-10496.json create mode 100644 2020/10xxx/CVE-2020-10497.json create mode 100644 2020/10xxx/CVE-2020-10498.json create mode 100644 2020/10xxx/CVE-2020-10499.json create mode 100644 2020/10xxx/CVE-2020-10500.json diff --git a/2020/10xxx/CVE-2020-10401.json b/2020/10xxx/CVE-2020-10401.json new file mode 100644 index 00000000000..11a535e63ec --- /dev/null +++ b/2020/10xxx/CVE-2020-10401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10402.json b/2020/10xxx/CVE-2020-10402.json new file mode 100644 index 00000000000..d1a5df320fa --- /dev/null +++ b/2020/10xxx/CVE-2020-10402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10403.json b/2020/10xxx/CVE-2020-10403.json new file mode 100644 index 00000000000..927bb6a2854 --- /dev/null +++ b/2020/10xxx/CVE-2020-10403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10404.json b/2020/10xxx/CVE-2020-10404.json new file mode 100644 index 00000000000..96c7b63126a --- /dev/null +++ b/2020/10xxx/CVE-2020-10404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10405.json b/2020/10xxx/CVE-2020-10405.json new file mode 100644 index 00000000000..862f0a6c977 --- /dev/null +++ b/2020/10xxx/CVE-2020-10405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10406.json b/2020/10xxx/CVE-2020-10406.json new file mode 100644 index 00000000000..47eb1f41105 --- /dev/null +++ b/2020/10xxx/CVE-2020-10406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10407.json b/2020/10xxx/CVE-2020-10407.json new file mode 100644 index 00000000000..38dea01cad4 --- /dev/null +++ b/2020/10xxx/CVE-2020-10407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10408.json b/2020/10xxx/CVE-2020-10408.json new file mode 100644 index 00000000000..e0f9eee7e5b --- /dev/null +++ b/2020/10xxx/CVE-2020-10408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10409.json b/2020/10xxx/CVE-2020-10409.json new file mode 100644 index 00000000000..5136bd9a612 --- /dev/null +++ b/2020/10xxx/CVE-2020-10409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10410.json b/2020/10xxx/CVE-2020-10410.json new file mode 100644 index 00000000000..40dadde92dd --- /dev/null +++ b/2020/10xxx/CVE-2020-10410.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10411.json b/2020/10xxx/CVE-2020-10411.json new file mode 100644 index 00000000000..366e2ae6a4b --- /dev/null +++ b/2020/10xxx/CVE-2020-10411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10412.json b/2020/10xxx/CVE-2020-10412.json new file mode 100644 index 00000000000..02b613f79ff --- /dev/null +++ b/2020/10xxx/CVE-2020-10412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10413.json b/2020/10xxx/CVE-2020-10413.json new file mode 100644 index 00000000000..c422dd70251 --- /dev/null +++ b/2020/10xxx/CVE-2020-10413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10414.json b/2020/10xxx/CVE-2020-10414.json new file mode 100644 index 00000000000..0eec16a9651 --- /dev/null +++ b/2020/10xxx/CVE-2020-10414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10415.json b/2020/10xxx/CVE-2020-10415.json new file mode 100644 index 00000000000..20fcb3347e5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10416.json b/2020/10xxx/CVE-2020-10416.json new file mode 100644 index 00000000000..12d448e0c57 --- /dev/null +++ b/2020/10xxx/CVE-2020-10416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10417.json b/2020/10xxx/CVE-2020-10417.json new file mode 100644 index 00000000000..487e923a03a --- /dev/null +++ b/2020/10xxx/CVE-2020-10417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10418.json b/2020/10xxx/CVE-2020-10418.json new file mode 100644 index 00000000000..b74cb6fcfb8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10419.json b/2020/10xxx/CVE-2020-10419.json new file mode 100644 index 00000000000..505d2ff8373 --- /dev/null +++ b/2020/10xxx/CVE-2020-10419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10420.json b/2020/10xxx/CVE-2020-10420.json new file mode 100644 index 00000000000..1dcf613fe4c --- /dev/null +++ b/2020/10xxx/CVE-2020-10420.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10421.json b/2020/10xxx/CVE-2020-10421.json new file mode 100644 index 00000000000..3d553e6b160 --- /dev/null +++ b/2020/10xxx/CVE-2020-10421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10422.json b/2020/10xxx/CVE-2020-10422.json new file mode 100644 index 00000000000..3eb753424fc --- /dev/null +++ b/2020/10xxx/CVE-2020-10422.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10423.json b/2020/10xxx/CVE-2020-10423.json new file mode 100644 index 00000000000..9e26f9bbbb1 --- /dev/null +++ b/2020/10xxx/CVE-2020-10423.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10423", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10424.json b/2020/10xxx/CVE-2020-10424.json new file mode 100644 index 00000000000..8b178da5ce8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10425.json b/2020/10xxx/CVE-2020-10425.json new file mode 100644 index 00000000000..ed1daadb664 --- /dev/null +++ b/2020/10xxx/CVE-2020-10425.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10425", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10426.json b/2020/10xxx/CVE-2020-10426.json new file mode 100644 index 00000000000..254d6e316ae --- /dev/null +++ b/2020/10xxx/CVE-2020-10426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10427.json b/2020/10xxx/CVE-2020-10427.json new file mode 100644 index 00000000000..02377e9d9c6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10427.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10427", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10428.json b/2020/10xxx/CVE-2020-10428.json new file mode 100644 index 00000000000..98d0744578f --- /dev/null +++ b/2020/10xxx/CVE-2020-10428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10429.json b/2020/10xxx/CVE-2020-10429.json new file mode 100644 index 00000000000..95818c374bf --- /dev/null +++ b/2020/10xxx/CVE-2020-10429.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10429", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10430.json b/2020/10xxx/CVE-2020-10430.json new file mode 100644 index 00000000000..7cf08373cb9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10430.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10430", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10431.json b/2020/10xxx/CVE-2020-10431.json new file mode 100644 index 00000000000..2b62ae560be --- /dev/null +++ b/2020/10xxx/CVE-2020-10431.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10431", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10432.json b/2020/10xxx/CVE-2020-10432.json new file mode 100644 index 00000000000..2de4ee99c57 --- /dev/null +++ b/2020/10xxx/CVE-2020-10432.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10432", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10433.json b/2020/10xxx/CVE-2020-10433.json new file mode 100644 index 00000000000..8fa86fe2cf0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10433.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10433", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10434.json b/2020/10xxx/CVE-2020-10434.json new file mode 100644 index 00000000000..6df4904f83b --- /dev/null +++ b/2020/10xxx/CVE-2020-10434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10435.json b/2020/10xxx/CVE-2020-10435.json new file mode 100644 index 00000000000..6c7ad271f43 --- /dev/null +++ b/2020/10xxx/CVE-2020-10435.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10435", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10436.json b/2020/10xxx/CVE-2020-10436.json new file mode 100644 index 00000000000..5f2c4498580 --- /dev/null +++ b/2020/10xxx/CVE-2020-10436.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10436", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10437.json b/2020/10xxx/CVE-2020-10437.json new file mode 100644 index 00000000000..c8b797e45f0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10437.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10437", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10438.json b/2020/10xxx/CVE-2020-10438.json new file mode 100644 index 00000000000..58a7a883ac8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10439.json b/2020/10xxx/CVE-2020-10439.json new file mode 100644 index 00000000000..06874913bdf --- /dev/null +++ b/2020/10xxx/CVE-2020-10439.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10439", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10440.json b/2020/10xxx/CVE-2020-10440.json new file mode 100644 index 00000000000..bcb3394851a --- /dev/null +++ b/2020/10xxx/CVE-2020-10440.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10440", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10441.json b/2020/10xxx/CVE-2020-10441.json new file mode 100644 index 00000000000..83e95af651d --- /dev/null +++ b/2020/10xxx/CVE-2020-10441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10441", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10442.json b/2020/10xxx/CVE-2020-10442.json new file mode 100644 index 00000000000..afd5371a3ff --- /dev/null +++ b/2020/10xxx/CVE-2020-10442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10442", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10443.json b/2020/10xxx/CVE-2020-10443.json new file mode 100644 index 00000000000..d19968f812b --- /dev/null +++ b/2020/10xxx/CVE-2020-10443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10444.json b/2020/10xxx/CVE-2020-10444.json new file mode 100644 index 00000000000..7acf944c9e8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10444.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10445.json b/2020/10xxx/CVE-2020-10445.json new file mode 100644 index 00000000000..33dd5525cb5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10446.json b/2020/10xxx/CVE-2020-10446.json new file mode 100644 index 00000000000..b1d07344325 --- /dev/null +++ b/2020/10xxx/CVE-2020-10446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10447.json b/2020/10xxx/CVE-2020-10447.json new file mode 100644 index 00000000000..97562c4e7dc --- /dev/null +++ b/2020/10xxx/CVE-2020-10447.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10447", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10448.json b/2020/10xxx/CVE-2020-10448.json new file mode 100644 index 00000000000..0405b1345ed --- /dev/null +++ b/2020/10xxx/CVE-2020-10448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10449.json b/2020/10xxx/CVE-2020-10449.json new file mode 100644 index 00000000000..be3575b3a9e --- /dev/null +++ b/2020/10xxx/CVE-2020-10449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10450.json b/2020/10xxx/CVE-2020-10450.json new file mode 100644 index 00000000000..1aee2334009 --- /dev/null +++ b/2020/10xxx/CVE-2020-10450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10451.json b/2020/10xxx/CVE-2020-10451.json new file mode 100644 index 00000000000..9cce8e0854a --- /dev/null +++ b/2020/10xxx/CVE-2020-10451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10452.json b/2020/10xxx/CVE-2020-10452.json new file mode 100644 index 00000000000..d2730e8217f --- /dev/null +++ b/2020/10xxx/CVE-2020-10452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10453.json b/2020/10xxx/CVE-2020-10453.json new file mode 100644 index 00000000000..c018b76d66e --- /dev/null +++ b/2020/10xxx/CVE-2020-10453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10454.json b/2020/10xxx/CVE-2020-10454.json new file mode 100644 index 00000000000..5fe4c5974c0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10454.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10455.json b/2020/10xxx/CVE-2020-10455.json new file mode 100644 index 00000000000..a8247df8919 --- /dev/null +++ b/2020/10xxx/CVE-2020-10455.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10456.json b/2020/10xxx/CVE-2020-10456.json new file mode 100644 index 00000000000..3342af0120d --- /dev/null +++ b/2020/10xxx/CVE-2020-10456.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10456", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10457.json b/2020/10xxx/CVE-2020-10457.json new file mode 100644 index 00000000000..ac9a6aec529 --- /dev/null +++ b/2020/10xxx/CVE-2020-10457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10458.json b/2020/10xxx/CVE-2020-10458.json new file mode 100644 index 00000000000..c4cb9853f93 --- /dev/null +++ b/2020/10xxx/CVE-2020-10458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10459.json b/2020/10xxx/CVE-2020-10459.json new file mode 100644 index 00000000000..dffe676e4d9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10460.json b/2020/10xxx/CVE-2020-10460.json new file mode 100644 index 00000000000..58adcf7d9f9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10461.json b/2020/10xxx/CVE-2020-10461.json new file mode 100644 index 00000000000..174a9ba0407 --- /dev/null +++ b/2020/10xxx/CVE-2020-10461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10462.json b/2020/10xxx/CVE-2020-10462.json new file mode 100644 index 00000000000..54b0e6eb98f --- /dev/null +++ b/2020/10xxx/CVE-2020-10462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10463.json b/2020/10xxx/CVE-2020-10463.json new file mode 100644 index 00000000000..7367dfa5284 --- /dev/null +++ b/2020/10xxx/CVE-2020-10463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10464.json b/2020/10xxx/CVE-2020-10464.json new file mode 100644 index 00000000000..66fbf8ea048 --- /dev/null +++ b/2020/10xxx/CVE-2020-10464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10465.json b/2020/10xxx/CVE-2020-10465.json new file mode 100644 index 00000000000..7275cda9fa8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10465.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10465", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10466.json b/2020/10xxx/CVE-2020-10466.json new file mode 100644 index 00000000000..90762351232 --- /dev/null +++ b/2020/10xxx/CVE-2020-10466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10467.json b/2020/10xxx/CVE-2020-10467.json new file mode 100644 index 00000000000..b0b14ccec1d --- /dev/null +++ b/2020/10xxx/CVE-2020-10467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10468.json b/2020/10xxx/CVE-2020-10468.json new file mode 100644 index 00000000000..5d99f5c14ee --- /dev/null +++ b/2020/10xxx/CVE-2020-10468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10469.json b/2020/10xxx/CVE-2020-10469.json new file mode 100644 index 00000000000..41d7cc598f2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10470.json b/2020/10xxx/CVE-2020-10470.json new file mode 100644 index 00000000000..c3a2cc42b98 --- /dev/null +++ b/2020/10xxx/CVE-2020-10470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10471.json b/2020/10xxx/CVE-2020-10471.json new file mode 100644 index 00000000000..6be0c8726e2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10472.json b/2020/10xxx/CVE-2020-10472.json new file mode 100644 index 00000000000..2a5c220d413 --- /dev/null +++ b/2020/10xxx/CVE-2020-10472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10473.json b/2020/10xxx/CVE-2020-10473.json new file mode 100644 index 00000000000..24dbfe3c4d4 --- /dev/null +++ b/2020/10xxx/CVE-2020-10473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10474.json b/2020/10xxx/CVE-2020-10474.json new file mode 100644 index 00000000000..b60214f3e84 --- /dev/null +++ b/2020/10xxx/CVE-2020-10474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10475.json b/2020/10xxx/CVE-2020-10475.json new file mode 100644 index 00000000000..7c6f68384ab --- /dev/null +++ b/2020/10xxx/CVE-2020-10475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10476.json b/2020/10xxx/CVE-2020-10476.json new file mode 100644 index 00000000000..4e7bc1f6c12 --- /dev/null +++ b/2020/10xxx/CVE-2020-10476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10477.json b/2020/10xxx/CVE-2020-10477.json new file mode 100644 index 00000000000..f862a89690c --- /dev/null +++ b/2020/10xxx/CVE-2020-10477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10478.json b/2020/10xxx/CVE-2020-10478.json new file mode 100644 index 00000000000..73bf48588ce --- /dev/null +++ b/2020/10xxx/CVE-2020-10478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10479.json b/2020/10xxx/CVE-2020-10479.json new file mode 100644 index 00000000000..28becea9d97 --- /dev/null +++ b/2020/10xxx/CVE-2020-10479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10480.json b/2020/10xxx/CVE-2020-10480.json new file mode 100644 index 00000000000..50890fddb97 --- /dev/null +++ b/2020/10xxx/CVE-2020-10480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10481.json b/2020/10xxx/CVE-2020-10481.json new file mode 100644 index 00000000000..3a939d73fcf --- /dev/null +++ b/2020/10xxx/CVE-2020-10481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10482.json b/2020/10xxx/CVE-2020-10482.json new file mode 100644 index 00000000000..176039b5857 --- /dev/null +++ b/2020/10xxx/CVE-2020-10482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10483.json b/2020/10xxx/CVE-2020-10483.json new file mode 100644 index 00000000000..9eda03c969d --- /dev/null +++ b/2020/10xxx/CVE-2020-10483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10484.json b/2020/10xxx/CVE-2020-10484.json new file mode 100644 index 00000000000..c5d59e1cd1d --- /dev/null +++ b/2020/10xxx/CVE-2020-10484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10485.json b/2020/10xxx/CVE-2020-10485.json new file mode 100644 index 00000000000..b1792288a0c --- /dev/null +++ b/2020/10xxx/CVE-2020-10485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10486.json b/2020/10xxx/CVE-2020-10486.json new file mode 100644 index 00000000000..f2abad6b197 --- /dev/null +++ b/2020/10xxx/CVE-2020-10486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10487.json b/2020/10xxx/CVE-2020-10487.json new file mode 100644 index 00000000000..742d9226dd5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10488.json b/2020/10xxx/CVE-2020-10488.json new file mode 100644 index 00000000000..a51d5942ecd --- /dev/null +++ b/2020/10xxx/CVE-2020-10488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10489.json b/2020/10xxx/CVE-2020-10489.json new file mode 100644 index 00000000000..ead2ca2de80 --- /dev/null +++ b/2020/10xxx/CVE-2020-10489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10490.json b/2020/10xxx/CVE-2020-10490.json new file mode 100644 index 00000000000..4b3eba5cea2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10491.json b/2020/10xxx/CVE-2020-10491.json new file mode 100644 index 00000000000..8cd81e6a065 --- /dev/null +++ b/2020/10xxx/CVE-2020-10491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10492.json b/2020/10xxx/CVE-2020-10492.json new file mode 100644 index 00000000000..e34289ae45b --- /dev/null +++ b/2020/10xxx/CVE-2020-10492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10493.json b/2020/10xxx/CVE-2020-10493.json new file mode 100644 index 00000000000..bcb1cbbb2aa --- /dev/null +++ b/2020/10xxx/CVE-2020-10493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10494.json b/2020/10xxx/CVE-2020-10494.json new file mode 100644 index 00000000000..bd107bc1439 --- /dev/null +++ b/2020/10xxx/CVE-2020-10494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10495.json b/2020/10xxx/CVE-2020-10495.json new file mode 100644 index 00000000000..16f11dfe962 --- /dev/null +++ b/2020/10xxx/CVE-2020-10495.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10495", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10496.json b/2020/10xxx/CVE-2020-10496.json new file mode 100644 index 00000000000..1ab419a5441 --- /dev/null +++ b/2020/10xxx/CVE-2020-10496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10496", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10497.json b/2020/10xxx/CVE-2020-10497.json new file mode 100644 index 00000000000..8627744bdb8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10498.json b/2020/10xxx/CVE-2020-10498.json new file mode 100644 index 00000000000..0286bd0919e --- /dev/null +++ b/2020/10xxx/CVE-2020-10498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10499.json b/2020/10xxx/CVE-2020-10499.json new file mode 100644 index 00000000000..9fa03bc8c73 --- /dev/null +++ b/2020/10xxx/CVE-2020-10499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10500.json b/2020/10xxx/CVE-2020-10500.json new file mode 100644 index 00000000000..15c0502615a --- /dev/null +++ b/2020/10xxx/CVE-2020-10500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 854b76d0ca50ee0ddb9f61198a10211d1064af72 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 07:01:30 +0000 Subject: [PATCH 054/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10386.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10387.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10388.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10389.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10390.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10391.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10392.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10393.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10394.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10395.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10396.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10397.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10398.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10399.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10400.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10501.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10502.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10503.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10504.json | 18 ++++++++++++++++++ 19 files changed, 342 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10386.json create mode 100644 2020/10xxx/CVE-2020-10387.json create mode 100644 2020/10xxx/CVE-2020-10388.json create mode 100644 2020/10xxx/CVE-2020-10389.json create mode 100644 2020/10xxx/CVE-2020-10390.json create mode 100644 2020/10xxx/CVE-2020-10391.json create mode 100644 2020/10xxx/CVE-2020-10392.json create mode 100644 2020/10xxx/CVE-2020-10393.json create mode 100644 2020/10xxx/CVE-2020-10394.json create mode 100644 2020/10xxx/CVE-2020-10395.json create mode 100644 2020/10xxx/CVE-2020-10396.json create mode 100644 2020/10xxx/CVE-2020-10397.json create mode 100644 2020/10xxx/CVE-2020-10398.json create mode 100644 2020/10xxx/CVE-2020-10399.json create mode 100644 2020/10xxx/CVE-2020-10400.json create mode 100644 2020/10xxx/CVE-2020-10501.json create mode 100644 2020/10xxx/CVE-2020-10502.json create mode 100644 2020/10xxx/CVE-2020-10503.json create mode 100644 2020/10xxx/CVE-2020-10504.json diff --git a/2020/10xxx/CVE-2020-10386.json b/2020/10xxx/CVE-2020-10386.json new file mode 100644 index 00000000000..327e0c41858 --- /dev/null +++ b/2020/10xxx/CVE-2020-10386.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10387.json b/2020/10xxx/CVE-2020-10387.json new file mode 100644 index 00000000000..c2b579f9ab8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10387.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10387", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10388.json b/2020/10xxx/CVE-2020-10388.json new file mode 100644 index 00000000000..918acdb51f6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10388.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10388", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10389.json b/2020/10xxx/CVE-2020-10389.json new file mode 100644 index 00000000000..b531ba90a20 --- /dev/null +++ b/2020/10xxx/CVE-2020-10389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10390.json b/2020/10xxx/CVE-2020-10390.json new file mode 100644 index 00000000000..a4dc783793c --- /dev/null +++ b/2020/10xxx/CVE-2020-10390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10391.json b/2020/10xxx/CVE-2020-10391.json new file mode 100644 index 00000000000..aaf60930d52 --- /dev/null +++ b/2020/10xxx/CVE-2020-10391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10392.json b/2020/10xxx/CVE-2020-10392.json new file mode 100644 index 00000000000..f889d250c3c --- /dev/null +++ b/2020/10xxx/CVE-2020-10392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10393.json b/2020/10xxx/CVE-2020-10393.json new file mode 100644 index 00000000000..09add6f5642 --- /dev/null +++ b/2020/10xxx/CVE-2020-10393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10394.json b/2020/10xxx/CVE-2020-10394.json new file mode 100644 index 00000000000..3abb9f04ec4 --- /dev/null +++ b/2020/10xxx/CVE-2020-10394.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10395.json b/2020/10xxx/CVE-2020-10395.json new file mode 100644 index 00000000000..7fc80f74cda --- /dev/null +++ b/2020/10xxx/CVE-2020-10395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10396.json b/2020/10xxx/CVE-2020-10396.json new file mode 100644 index 00000000000..ce8b11281bd --- /dev/null +++ b/2020/10xxx/CVE-2020-10396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10397.json b/2020/10xxx/CVE-2020-10397.json new file mode 100644 index 00000000000..73017cc310f --- /dev/null +++ b/2020/10xxx/CVE-2020-10397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10398.json b/2020/10xxx/CVE-2020-10398.json new file mode 100644 index 00000000000..a59799d1a59 --- /dev/null +++ b/2020/10xxx/CVE-2020-10398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10399.json b/2020/10xxx/CVE-2020-10399.json new file mode 100644 index 00000000000..b2363e09a2a --- /dev/null +++ b/2020/10xxx/CVE-2020-10399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10400.json b/2020/10xxx/CVE-2020-10400.json new file mode 100644 index 00000000000..249701be862 --- /dev/null +++ b/2020/10xxx/CVE-2020-10400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10501.json b/2020/10xxx/CVE-2020-10501.json new file mode 100644 index 00000000000..049da8c6c00 --- /dev/null +++ b/2020/10xxx/CVE-2020-10501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10502.json b/2020/10xxx/CVE-2020-10502.json new file mode 100644 index 00000000000..c6a9de4f982 --- /dev/null +++ b/2020/10xxx/CVE-2020-10502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10503.json b/2020/10xxx/CVE-2020-10503.json new file mode 100644 index 00000000000..5c0713711c0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10504.json b/2020/10xxx/CVE-2020-10504.json new file mode 100644 index 00000000000..b2ac81c26e5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ad23277a8224ecc4943fbbf42eb1f0b91f29ce39 Mon Sep 17 00:00:00 2001 From: Swayam Sarangi <52279915+ssarangi1202@users.noreply.github.com> Date: Thu, 12 Mar 2020 16:20:25 +0530 Subject: [PATCH 055/144] Publish CVE-2020-7253 SB is already live --- 2020/7xxx/CVE-2020-7253.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/2020/7xxx/CVE-2020-7253.json b/2020/7xxx/CVE-2020-7253.json index 08435521e88..fc44e0cdf90 100644 --- a/2020/7xxx/CVE-2020-7253.json +++ b/2020/7xxx/CVE-2020-7253.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2020-03-10T00:00:00.000Z", "ID": "CVE-2020-7253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper access control vulnerability in McAfee Agent" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Agent (MA)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.6.x", + "version_value": "5.6.4" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10312", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10312" + } + ] + }, + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} From 363c5e95d53a37d685c8f503eb93600982e476f3 Mon Sep 17 00:00:00 2001 From: Swayam Sarangi <52279915+ssarangi1202@users.noreply.github.com> Date: Thu, 12 Mar 2020 16:29:07 +0530 Subject: [PATCH 056/144] Publish CVE-2020=7254 SB is already live --- 2020/7xxx/CVE-2020-7254.json | 98 +++++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 7 deletions(-) diff --git a/2020/7xxx/CVE-2020-7254.json b/2020/7xxx/CVE-2020-7254.json index 1453e5d6f9f..a7493a97b38 100644 --- a/2020/7xxx/CVE-2020-7254.json +++ b/2020/7xxx/CVE-2020-7254.json @@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2020-03-10T00:00:00.000Z", "ID": "CVE-2020-7254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Privilege escalation in Advanced Threat Defense" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": " McAfee Advanced Threat Defense (ATD)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.x", + "version_value": "4.8.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "McAfee credits Jerome Nokin from NCIA for responsibly reporting CVE-2020-7254" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10311" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } -} \ No newline at end of file +} From 7654d3eec2454ed0ae75f07865f504412d28c5eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 12:01:18 +0000 Subject: [PATCH 057/144] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20503.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index cfed79b9278..ad7037fda93 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2140-1] firefox-esr security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4639", + "url": "https://www.debian.org/security/2020/dsa-4639" } ] } From 89e8c0c1f6c3127d764e8fa5b294add63e5111c9 Mon Sep 17 00:00:00 2001 From: todb-r7 Date: Thu, 12 Mar 2020 07:53:21 -0500 Subject: [PATCH 058/144] Remove confusing CONFIRM link --- 2019/5xxx/CVE-2019-5648.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/2019/5xxx/CVE-2019-5648.json b/2019/5xxx/CVE-2019-5648.json index 335673baca0..ffdf8270c64 100644 --- a/2019/5xxx/CVE-2019-5648.json +++ b/2019/5xxx/CVE-2019-5648.json @@ -80,10 +80,6 @@ { "refsource": "MISC", "url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/" - }, - { - "refsource": "CONFIRM", - "url": "https://campus.barracuda.com/product/webapplicationfirewall/doc/90444925/release-notes-version-10-0-1/" } ] }, From ed1eac3b569c5e884625ddf4b88db888976a4fcd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 13:01:16 +0000 Subject: [PATCH 059/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10108.json | 61 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10109.json | 61 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10386.json | 56 +++++++++++++++++++++++++++---- 3 files changed, 160 insertions(+), 18 deletions(-) diff --git a/2020/10xxx/CVE-2020-10108.json b/2020/10xxx/CVE-2020-10108.json index 403dab4ff9c..52f44323d3f 100644 --- a/2020/10xxx/CVE-2020-10108.json +++ b/2020/10xxx/CVE-2020-10108.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10108", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10108", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/twisted-version-19.10.0", + "url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0" } ] } diff --git a/2020/10xxx/CVE-2020-10109.json b/2020/10xxx/CVE-2020-10109.json index 8c7124abbd5..d82bb960d61 100644 --- a/2020/10xxx/CVE-2020-10109.json +++ b/2020/10xxx/CVE-2020-10109.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10109", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10109", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/twisted-version-19.10.0", + "url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0" } ] } diff --git a/2020/10xxx/CVE-2020-10386.json b/2020/10xxx/CVE-2020-10386.json index 327e0c41858..a6821a5da77 100644 --- a/2020/10xxx/CVE-2020-10386.json +++ b/2020/10xxx/CVE-2020-10386.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10386", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10386", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#rce1", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#rce1" } ] } From c0b251db5a6fa02d77a4b563034bfe867d17328a Mon Sep 17 00:00:00 2001 From: Guilherme de Almeida Suckevicz Date: Thu, 12 Mar 2020 10:21:04 -0300 Subject: [PATCH 060/144] CVE-2020-1739 init. --- 2020/1xxx/CVE-2020-1739.json | 70 ++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 3 deletions(-) diff --git a/2020/1xxx/CVE-2020-1739.json b/2020/1xxx/CVE-2020-1739.json index 67da5dbf70c..633769f90af 100644 --- a/2020/1xxx/CVE-2020-1739.json +++ b/2020/1xxx/CVE-2020-1739.json @@ -4,15 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "gsuckevi@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "2.7.16 and prior" + }, + { + "version_value": "2.8.8 and prior" + }, + { + "version_value": "2.9.5 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", + "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67797", + "name": "https://github.com/ansible/ansible/issues/67797", + "refsource": "MISC" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.9/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file From 78d77f7b3d07b560104d0c82bf4bee5473c72050 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 14:01:09 +0000 Subject: [PATCH 061/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10391.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10392.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10393.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10394.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10395.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10396.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10397.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10398.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10399.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10400.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10401.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10402.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10403.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10404.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10405.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10406.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10407.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10408.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10409.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10410.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10411.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10412.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10413.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10414.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10415.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10416.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10417.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10418.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10419.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10420.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10421.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10422.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10423.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10424.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10425.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10426.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10427.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10428.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10429.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10430.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10431.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10432.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10433.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10434.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10435.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10436.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10437.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10438.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10439.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10440.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10441.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10442.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10443.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10444.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10445.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10446.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10447.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10448.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10449.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10450.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10451.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10452.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10453.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10454.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10455.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10456.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10457.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10458.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10459.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10460.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10461.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10462.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10463.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10464.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10465.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10466.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10467.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10468.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10469.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10470.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10471.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10472.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10473.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10474.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10475.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10476.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10477.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10478.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10479.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10480.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10481.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10482.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10483.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10484.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10485.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10486.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10487.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10488.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10489.json | 56 ++++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10490.json | 56 ++++++++++++++++++++++++++++++---- 100 files changed, 5000 insertions(+), 600 deletions(-) diff --git a/2020/10xxx/CVE-2020-10391.json b/2020/10xxx/CVE-2020-10391.json index aaf60930d52..894910b6513 100644 --- a/2020/10xxx/CVE-2020-10391.json +++ b/2020/10xxx/CVE-2020-10391.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10391", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10391", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10392.json b/2020/10xxx/CVE-2020-10392.json index f889d250c3c..26cd25a6878 100644 --- a/2020/10xxx/CVE-2020-10392.json +++ b/2020/10xxx/CVE-2020-10392.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10392", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10392", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10393.json b/2020/10xxx/CVE-2020-10393.json index 09add6f5642..251145c03ac 100644 --- a/2020/10xxx/CVE-2020-10393.json +++ b/2020/10xxx/CVE-2020-10393.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10393", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10393", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10394.json b/2020/10xxx/CVE-2020-10394.json index 3abb9f04ec4..82e56dab036 100644 --- a/2020/10xxx/CVE-2020-10394.json +++ b/2020/10xxx/CVE-2020-10394.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10394", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10394", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10395.json b/2020/10xxx/CVE-2020-10395.json index 7fc80f74cda..523e726e374 100644 --- a/2020/10xxx/CVE-2020-10395.json +++ b/2020/10xxx/CVE-2020-10395.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10395", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10396.json b/2020/10xxx/CVE-2020-10396.json index ce8b11281bd..14d966bde6e 100644 --- a/2020/10xxx/CVE-2020-10396.json +++ b/2020/10xxx/CVE-2020-10396.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10396", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10396", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10397.json b/2020/10xxx/CVE-2020-10397.json index 73017cc310f..a89e8adc6b0 100644 --- a/2020/10xxx/CVE-2020-10397.json +++ b/2020/10xxx/CVE-2020-10397.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10397", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10397", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10398.json b/2020/10xxx/CVE-2020-10398.json index a59799d1a59..8fc8a8a055b 100644 --- a/2020/10xxx/CVE-2020-10398.json +++ b/2020/10xxx/CVE-2020-10398.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10398", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10398", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10399.json b/2020/10xxx/CVE-2020-10399.json index b2363e09a2a..b3462b351a8 100644 --- a/2020/10xxx/CVE-2020-10399.json +++ b/2020/10xxx/CVE-2020-10399.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10399", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10399", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10400.json b/2020/10xxx/CVE-2020-10400.json index 249701be862..e8a4fe53466 100644 --- a/2020/10xxx/CVE-2020-10400.json +++ b/2020/10xxx/CVE-2020-10400.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10400", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10400", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10401.json b/2020/10xxx/CVE-2020-10401.json index 11a535e63ec..25fa9f14bff 100644 --- a/2020/10xxx/CVE-2020-10401.json +++ b/2020/10xxx/CVE-2020-10401.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10401", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10401", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10402.json b/2020/10xxx/CVE-2020-10402.json index d1a5df320fa..3241f5cdde2 100644 --- a/2020/10xxx/CVE-2020-10402.json +++ b/2020/10xxx/CVE-2020-10402.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10402", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10402", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10403.json b/2020/10xxx/CVE-2020-10403.json index 927bb6a2854..6fd6f62226f 100644 --- a/2020/10xxx/CVE-2020-10403.json +++ b/2020/10xxx/CVE-2020-10403.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10403", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10403", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10404.json b/2020/10xxx/CVE-2020-10404.json index 96c7b63126a..274dff29b3e 100644 --- a/2020/10xxx/CVE-2020-10404.json +++ b/2020/10xxx/CVE-2020-10404.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10404", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10404", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10405.json b/2020/10xxx/CVE-2020-10405.json index 862f0a6c977..2ba5986671f 100644 --- a/2020/10xxx/CVE-2020-10405.json +++ b/2020/10xxx/CVE-2020-10405.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10405", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10405", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10406.json b/2020/10xxx/CVE-2020-10406.json index 47eb1f41105..e3c5aefcc5c 100644 --- a/2020/10xxx/CVE-2020-10406.json +++ b/2020/10xxx/CVE-2020-10406.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10406", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10406", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10407.json b/2020/10xxx/CVE-2020-10407.json index 38dea01cad4..a46624f742e 100644 --- a/2020/10xxx/CVE-2020-10407.json +++ b/2020/10xxx/CVE-2020-10407.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10407", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10407", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10408.json b/2020/10xxx/CVE-2020-10408.json index e0f9eee7e5b..f36dc178110 100644 --- a/2020/10xxx/CVE-2020-10408.json +++ b/2020/10xxx/CVE-2020-10408.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10408", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10408", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10409.json b/2020/10xxx/CVE-2020-10409.json index 5136bd9a612..44ccdc48928 100644 --- a/2020/10xxx/CVE-2020-10409.json +++ b/2020/10xxx/CVE-2020-10409.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10409", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10409", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10410.json b/2020/10xxx/CVE-2020-10410.json index 40dadde92dd..40ff688ca70 100644 --- a/2020/10xxx/CVE-2020-10410.json +++ b/2020/10xxx/CVE-2020-10410.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10410", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10410", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10411.json b/2020/10xxx/CVE-2020-10411.json index 366e2ae6a4b..9ce7aa14bff 100644 --- a/2020/10xxx/CVE-2020-10411.json +++ b/2020/10xxx/CVE-2020-10411.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10411", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10411", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10412.json b/2020/10xxx/CVE-2020-10412.json index 02b613f79ff..a4f8875a84c 100644 --- a/2020/10xxx/CVE-2020-10412.json +++ b/2020/10xxx/CVE-2020-10412.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10412", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10412", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10413.json b/2020/10xxx/CVE-2020-10413.json index c422dd70251..d4c9fbce85c 100644 --- a/2020/10xxx/CVE-2020-10413.json +++ b/2020/10xxx/CVE-2020-10413.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10414.json b/2020/10xxx/CVE-2020-10414.json index 0eec16a9651..7b7b1c97638 100644 --- a/2020/10xxx/CVE-2020-10414.json +++ b/2020/10xxx/CVE-2020-10414.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10414", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10414", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10415.json b/2020/10xxx/CVE-2020-10415.json index 20fcb3347e5..219a051541f 100644 --- a/2020/10xxx/CVE-2020-10415.json +++ b/2020/10xxx/CVE-2020-10415.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10415", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10415", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10416.json b/2020/10xxx/CVE-2020-10416.json index 12d448e0c57..5843a5339cc 100644 --- a/2020/10xxx/CVE-2020-10416.json +++ b/2020/10xxx/CVE-2020-10416.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10416", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10416", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10417.json b/2020/10xxx/CVE-2020-10417.json index 487e923a03a..05e0cba3ebe 100644 --- a/2020/10xxx/CVE-2020-10417.json +++ b/2020/10xxx/CVE-2020-10417.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10417", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10417", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10418.json b/2020/10xxx/CVE-2020-10418.json index b74cb6fcfb8..a297bbbbaee 100644 --- a/2020/10xxx/CVE-2020-10418.json +++ b/2020/10xxx/CVE-2020-10418.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10418", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10418", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10419.json b/2020/10xxx/CVE-2020-10419.json index 505d2ff8373..95896937522 100644 --- a/2020/10xxx/CVE-2020-10419.json +++ b/2020/10xxx/CVE-2020-10419.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10419", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10419", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10420.json b/2020/10xxx/CVE-2020-10420.json index 1dcf613fe4c..3f98cb2ccf4 100644 --- a/2020/10xxx/CVE-2020-10420.json +++ b/2020/10xxx/CVE-2020-10420.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10420", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10420", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10421.json b/2020/10xxx/CVE-2020-10421.json index 3d553e6b160..9e3b34b38de 100644 --- a/2020/10xxx/CVE-2020-10421.json +++ b/2020/10xxx/CVE-2020-10421.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10421", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10421", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10422.json b/2020/10xxx/CVE-2020-10422.json index 3eb753424fc..f10fc23f3d3 100644 --- a/2020/10xxx/CVE-2020-10422.json +++ b/2020/10xxx/CVE-2020-10422.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10422", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10422", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10423.json b/2020/10xxx/CVE-2020-10423.json index 9e26f9bbbb1..707e6734b70 100644 --- a/2020/10xxx/CVE-2020-10423.json +++ b/2020/10xxx/CVE-2020-10423.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10423", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10423", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10424.json b/2020/10xxx/CVE-2020-10424.json index 8b178da5ce8..a69c8169669 100644 --- a/2020/10xxx/CVE-2020-10424.json +++ b/2020/10xxx/CVE-2020-10424.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10424", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10424", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10425.json b/2020/10xxx/CVE-2020-10425.json index ed1daadb664..e7f687255ef 100644 --- a/2020/10xxx/CVE-2020-10425.json +++ b/2020/10xxx/CVE-2020-10425.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10425", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10425", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10426.json b/2020/10xxx/CVE-2020-10426.json index 254d6e316ae..1e7cfb10623 100644 --- a/2020/10xxx/CVE-2020-10426.json +++ b/2020/10xxx/CVE-2020-10426.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10427.json b/2020/10xxx/CVE-2020-10427.json index 02377e9d9c6..8eb0abe04c0 100644 --- a/2020/10xxx/CVE-2020-10427.json +++ b/2020/10xxx/CVE-2020-10427.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10428.json b/2020/10xxx/CVE-2020-10428.json index 98d0744578f..630ad045d74 100644 --- a/2020/10xxx/CVE-2020-10428.json +++ b/2020/10xxx/CVE-2020-10428.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10429.json b/2020/10xxx/CVE-2020-10429.json index 95818c374bf..dfe7929915a 100644 --- a/2020/10xxx/CVE-2020-10429.json +++ b/2020/10xxx/CVE-2020-10429.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10429", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10429", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10430.json b/2020/10xxx/CVE-2020-10430.json index 7cf08373cb9..dcaa3952164 100644 --- a/2020/10xxx/CVE-2020-10430.json +++ b/2020/10xxx/CVE-2020-10430.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10430", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10430", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10431.json b/2020/10xxx/CVE-2020-10431.json index 2b62ae560be..d187072ddd8 100644 --- a/2020/10xxx/CVE-2020-10431.json +++ b/2020/10xxx/CVE-2020-10431.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10431", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10431", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10432.json b/2020/10xxx/CVE-2020-10432.json index 2de4ee99c57..ed6ae185f4b 100644 --- a/2020/10xxx/CVE-2020-10432.json +++ b/2020/10xxx/CVE-2020-10432.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10432", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10432", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10433.json b/2020/10xxx/CVE-2020-10433.json index 8fa86fe2cf0..638f80e93a8 100644 --- a/2020/10xxx/CVE-2020-10433.json +++ b/2020/10xxx/CVE-2020-10433.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10434.json b/2020/10xxx/CVE-2020-10434.json index 6df4904f83b..ab2670e2f89 100644 --- a/2020/10xxx/CVE-2020-10434.json +++ b/2020/10xxx/CVE-2020-10434.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10434", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10434", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10435.json b/2020/10xxx/CVE-2020-10435.json index 6c7ad271f43..df7c6c607b7 100644 --- a/2020/10xxx/CVE-2020-10435.json +++ b/2020/10xxx/CVE-2020-10435.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10436.json b/2020/10xxx/CVE-2020-10436.json index 5f2c4498580..9e01e40cd61 100644 --- a/2020/10xxx/CVE-2020-10436.json +++ b/2020/10xxx/CVE-2020-10436.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10437.json b/2020/10xxx/CVE-2020-10437.json index c8b797e45f0..bf1153d4030 100644 --- a/2020/10xxx/CVE-2020-10437.json +++ b/2020/10xxx/CVE-2020-10437.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10437", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10437", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10438.json b/2020/10xxx/CVE-2020-10438.json index 58a7a883ac8..bcd76ef39f2 100644 --- a/2020/10xxx/CVE-2020-10438.json +++ b/2020/10xxx/CVE-2020-10438.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10438", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10438", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10439.json b/2020/10xxx/CVE-2020-10439.json index 06874913bdf..f0189ef4e67 100644 --- a/2020/10xxx/CVE-2020-10439.json +++ b/2020/10xxx/CVE-2020-10439.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10439", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10439", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10440.json b/2020/10xxx/CVE-2020-10440.json index bcb3394851a..be270fe2a97 100644 --- a/2020/10xxx/CVE-2020-10440.json +++ b/2020/10xxx/CVE-2020-10440.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10440", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10440", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10441.json b/2020/10xxx/CVE-2020-10441.json index 83e95af651d..ee100ecf027 100644 --- a/2020/10xxx/CVE-2020-10441.json +++ b/2020/10xxx/CVE-2020-10441.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10441", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10441", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10442.json b/2020/10xxx/CVE-2020-10442.json index afd5371a3ff..5a07560eb72 100644 --- a/2020/10xxx/CVE-2020-10442.json +++ b/2020/10xxx/CVE-2020-10442.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10442", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10442", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10443.json b/2020/10xxx/CVE-2020-10443.json index d19968f812b..f1de5e46528 100644 --- a/2020/10xxx/CVE-2020-10443.json +++ b/2020/10xxx/CVE-2020-10443.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10443", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10443", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10444.json b/2020/10xxx/CVE-2020-10444.json index 7acf944c9e8..539c365200a 100644 --- a/2020/10xxx/CVE-2020-10444.json +++ b/2020/10xxx/CVE-2020-10444.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10444", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10444", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10445.json b/2020/10xxx/CVE-2020-10445.json index 33dd5525cb5..55f41d64845 100644 --- a/2020/10xxx/CVE-2020-10445.json +++ b/2020/10xxx/CVE-2020-10445.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10445", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10445", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10446.json b/2020/10xxx/CVE-2020-10446.json index b1d07344325..66e1a3b20bd 100644 --- a/2020/10xxx/CVE-2020-10446.json +++ b/2020/10xxx/CVE-2020-10446.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10446", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10446", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10447.json b/2020/10xxx/CVE-2020-10447.json index 97562c4e7dc..9840311dcd9 100644 --- a/2020/10xxx/CVE-2020-10447.json +++ b/2020/10xxx/CVE-2020-10447.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10447", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10447", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10448.json b/2020/10xxx/CVE-2020-10448.json index 0405b1345ed..4c7ecfb3701 100644 --- a/2020/10xxx/CVE-2020-10448.json +++ b/2020/10xxx/CVE-2020-10448.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10448", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10448", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10449.json b/2020/10xxx/CVE-2020-10449.json index be3575b3a9e..ac095345955 100644 --- a/2020/10xxx/CVE-2020-10449.json +++ b/2020/10xxx/CVE-2020-10449.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10449", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10449", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10450.json b/2020/10xxx/CVE-2020-10450.json index 1aee2334009..2f2682dec35 100644 --- a/2020/10xxx/CVE-2020-10450.json +++ b/2020/10xxx/CVE-2020-10450.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10450", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10450", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10451.json b/2020/10xxx/CVE-2020-10451.json index 9cce8e0854a..7094c8a84bb 100644 --- a/2020/10xxx/CVE-2020-10451.json +++ b/2020/10xxx/CVE-2020-10451.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10451", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10451", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10452.json b/2020/10xxx/CVE-2020-10452.json index d2730e8217f..9f7f53bd8f4 100644 --- a/2020/10xxx/CVE-2020-10452.json +++ b/2020/10xxx/CVE-2020-10452.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10452", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10452", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10453.json b/2020/10xxx/CVE-2020-10453.json index c018b76d66e..ff2310441ed 100644 --- a/2020/10xxx/CVE-2020-10453.json +++ b/2020/10xxx/CVE-2020-10453.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10453", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10453", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10454.json b/2020/10xxx/CVE-2020-10454.json index 5fe4c5974c0..0b8998dcfc3 100644 --- a/2020/10xxx/CVE-2020-10454.json +++ b/2020/10xxx/CVE-2020-10454.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10454", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10454", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10455.json b/2020/10xxx/CVE-2020-10455.json index a8247df8919..2a39fdbbd5c 100644 --- a/2020/10xxx/CVE-2020-10455.json +++ b/2020/10xxx/CVE-2020-10455.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10455", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10455", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10456.json b/2020/10xxx/CVE-2020-10456.json index 3342af0120d..2894624f956 100644 --- a/2020/10xxx/CVE-2020-10456.json +++ b/2020/10xxx/CVE-2020-10456.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10456", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10456", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#uxss", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#uxss" } ] } diff --git a/2020/10xxx/CVE-2020-10457.json b/2020/10xxx/CVE-2020-10457.json index ac9a6aec529..ad286dd2a4e 100644 --- a/2020/10xxx/CVE-2020-10457.json +++ b/2020/10xxx/CVE-2020-10457.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10457", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10457", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#afr", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#afr" } ] } diff --git a/2020/10xxx/CVE-2020-10458.json b/2020/10xxx/CVE-2020-10458.json index c4cb9853f93..b54cc5765a0 100644 --- a/2020/10xxx/CVE-2020-10458.json +++ b/2020/10xxx/CVE-2020-10458.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10458", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10458", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#afld", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#afld" } ] } diff --git a/2020/10xxx/CVE-2020-10459.json b/2020/10xxx/CVE-2020-10459.json index dffe676e4d9..8ab9738fae2 100644 --- a/2020/10xxx/CVE-2020-10459.json +++ b/2020/10xxx/CVE-2020-10459.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10459", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10459", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#afl", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#afl" } ] } diff --git a/2020/10xxx/CVE-2020-10460.json b/2020/10xxx/CVE-2020-10460.json index 58adcf7d9f9..a61b142791e 100644 --- a/2020/10xxx/CVE-2020-10460.json +++ b/2020/10xxx/CVE-2020-10460.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10460", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10460", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#csvinj", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#csvinj" } ] } diff --git a/2020/10xxx/CVE-2020-10461.json b/2020/10xxx/CVE-2020-10461.json index 174a9ba0407..cdb57060043 100644 --- a/2020/10xxx/CVE-2020-10461.json +++ b/2020/10xxx/CVE-2020-10461.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10461", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10461", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#bxss2", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#bxss2" } ] } diff --git a/2020/10xxx/CVE-2020-10462.json b/2020/10xxx/CVE-2020-10462.json index 54b0e6eb98f..a90e1c9b346 100644 --- a/2020/10xxx/CVE-2020-10462.json +++ b/2020/10xxx/CVE-2020-10462.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10462", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10462", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss1", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss1" } ] } diff --git a/2020/10xxx/CVE-2020-10463.json b/2020/10xxx/CVE-2020-10463.json index 7367dfa5284..5920f8f9958 100644 --- a/2020/10xxx/CVE-2020-10463.json +++ b/2020/10xxx/CVE-2020-10463.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10463", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10463", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss2", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss2" } ] } diff --git a/2020/10xxx/CVE-2020-10464.json b/2020/10xxx/CVE-2020-10464.json index 66fbf8ea048..99b3457228c 100644 --- a/2020/10xxx/CVE-2020-10464.json +++ b/2020/10xxx/CVE-2020-10464.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10464", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10464", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss3", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss3" } ] } diff --git a/2020/10xxx/CVE-2020-10465.json b/2020/10xxx/CVE-2020-10465.json index 7275cda9fa8..3befb464f85 100644 --- a/2020/10xxx/CVE-2020-10465.json +++ b/2020/10xxx/CVE-2020-10465.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10465", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10465", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss4", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss4" } ] } diff --git a/2020/10xxx/CVE-2020-10466.json b/2020/10xxx/CVE-2020-10466.json index 90762351232..9f02b9787d2 100644 --- a/2020/10xxx/CVE-2020-10466.json +++ b/2020/10xxx/CVE-2020-10466.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10466", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10466", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss5", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss5" } ] } diff --git a/2020/10xxx/CVE-2020-10467.json b/2020/10xxx/CVE-2020-10467.json index b0b14ccec1d..45b73f47ddd 100644 --- a/2020/10xxx/CVE-2020-10467.json +++ b/2020/10xxx/CVE-2020-10467.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10467", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10467", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss6", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss6" } ] } diff --git a/2020/10xxx/CVE-2020-10468.json b/2020/10xxx/CVE-2020-10468.json index 5d99f5c14ee..bcda66f1ebc 100644 --- a/2020/10xxx/CVE-2020-10468.json +++ b/2020/10xxx/CVE-2020-10468.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10468", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10468", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss7", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss7" } ] } diff --git a/2020/10xxx/CVE-2020-10469.json b/2020/10xxx/CVE-2020-10469.json index 41d7cc598f2..e7428fbf842 100644 --- a/2020/10xxx/CVE-2020-10469.json +++ b/2020/10xxx/CVE-2020-10469.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10469", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10469", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss8", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss8" } ] } diff --git a/2020/10xxx/CVE-2020-10470.json b/2020/10xxx/CVE-2020-10470.json index c3a2cc42b98..8644ecceda4 100644 --- a/2020/10xxx/CVE-2020-10470.json +++ b/2020/10xxx/CVE-2020-10470.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10470", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10470", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss9", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss9" } ] } diff --git a/2020/10xxx/CVE-2020-10471.json b/2020/10xxx/CVE-2020-10471.json index 6be0c8726e2..fc6cdfac189 100644 --- a/2020/10xxx/CVE-2020-10471.json +++ b/2020/10xxx/CVE-2020-10471.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10471", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10471", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss10", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss10" } ] } diff --git a/2020/10xxx/CVE-2020-10472.json b/2020/10xxx/CVE-2020-10472.json index 2a5c220d413..5b0521ffac6 100644 --- a/2020/10xxx/CVE-2020-10472.json +++ b/2020/10xxx/CVE-2020-10472.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss11", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss11" } ] } diff --git a/2020/10xxx/CVE-2020-10473.json b/2020/10xxx/CVE-2020-10473.json index 24dbfe3c4d4..426d549c073 100644 --- a/2020/10xxx/CVE-2020-10473.json +++ b/2020/10xxx/CVE-2020-10473.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10473", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10473", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss12", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss12" } ] } diff --git a/2020/10xxx/CVE-2020-10474.json b/2020/10xxx/CVE-2020-10474.json index b60214f3e84..36b4b35bdf0 100644 --- a/2020/10xxx/CVE-2020-10474.json +++ b/2020/10xxx/CVE-2020-10474.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10474", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10474", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss13", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss13" } ] } diff --git a/2020/10xxx/CVE-2020-10475.json b/2020/10xxx/CVE-2020-10475.json index 7c6f68384ab..9e795915a04 100644 --- a/2020/10xxx/CVE-2020-10475.json +++ b/2020/10xxx/CVE-2020-10475.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10475", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10475", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss14", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss14" } ] } diff --git a/2020/10xxx/CVE-2020-10476.json b/2020/10xxx/CVE-2020-10476.json index 4e7bc1f6c12..ae97d408b57 100644 --- a/2020/10xxx/CVE-2020-10476.json +++ b/2020/10xxx/CVE-2020-10476.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10476", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10476", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss15", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss15" } ] } diff --git a/2020/10xxx/CVE-2020-10477.json b/2020/10xxx/CVE-2020-10477.json index f862a89690c..9ac031286f1 100644 --- a/2020/10xxx/CVE-2020-10477.json +++ b/2020/10xxx/CVE-2020-10477.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10477", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10477", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=342#xss16", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=342#xss16" } ] } diff --git a/2020/10xxx/CVE-2020-10478.json b/2020/10xxx/CVE-2020-10478.json index 73bf48588ce..628d91e8120 100644 --- a/2020/10xxx/CVE-2020-10478.json +++ b/2020/10xxx/CVE-2020-10478.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10478", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10478", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf1", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf1" } ] } diff --git a/2020/10xxx/CVE-2020-10479.json b/2020/10xxx/CVE-2020-10479.json index 28becea9d97..2954b6e49c7 100644 --- a/2020/10xxx/CVE-2020-10479.json +++ b/2020/10xxx/CVE-2020-10479.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10479", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10479", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf2", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf2" } ] } diff --git a/2020/10xxx/CVE-2020-10480.json b/2020/10xxx/CVE-2020-10480.json index 50890fddb97..0b3e6b11293 100644 --- a/2020/10xxx/CVE-2020-10480.json +++ b/2020/10xxx/CVE-2020-10480.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10480", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10480", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf3", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf3" } ] } diff --git a/2020/10xxx/CVE-2020-10481.json b/2020/10xxx/CVE-2020-10481.json index 3a939d73fcf..53e5b253073 100644 --- a/2020/10xxx/CVE-2020-10481.json +++ b/2020/10xxx/CVE-2020-10481.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10481", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10481", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf4", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf4" } ] } diff --git a/2020/10xxx/CVE-2020-10482.json b/2020/10xxx/CVE-2020-10482.json index 176039b5857..7d50feeaeb6 100644 --- a/2020/10xxx/CVE-2020-10482.json +++ b/2020/10xxx/CVE-2020-10482.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10482", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10482", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf5", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf5" } ] } diff --git a/2020/10xxx/CVE-2020-10483.json b/2020/10xxx/CVE-2020-10483.json index 9eda03c969d..924ad0820ad 100644 --- a/2020/10xxx/CVE-2020-10483.json +++ b/2020/10xxx/CVE-2020-10483.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10483", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10483", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf6", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf6" } ] } diff --git a/2020/10xxx/CVE-2020-10484.json b/2020/10xxx/CVE-2020-10484.json index c5d59e1cd1d..48b502449d5 100644 --- a/2020/10xxx/CVE-2020-10484.json +++ b/2020/10xxx/CVE-2020-10484.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf7", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf7" } ] } diff --git a/2020/10xxx/CVE-2020-10485.json b/2020/10xxx/CVE-2020-10485.json index b1792288a0c..51a213b69c1 100644 --- a/2020/10xxx/CVE-2020-10485.json +++ b/2020/10xxx/CVE-2020-10485.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10485", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10485", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf8", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf8" } ] } diff --git a/2020/10xxx/CVE-2020-10486.json b/2020/10xxx/CVE-2020-10486.json index f2abad6b197..e98721f4c62 100644 --- a/2020/10xxx/CVE-2020-10486.json +++ b/2020/10xxx/CVE-2020-10486.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10486", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10486", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf9", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf9" } ] } diff --git a/2020/10xxx/CVE-2020-10487.json b/2020/10xxx/CVE-2020-10487.json index 742d9226dd5..75f14a385d5 100644 --- a/2020/10xxx/CVE-2020-10487.json +++ b/2020/10xxx/CVE-2020-10487.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10487", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10487", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf10", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf10" } ] } diff --git a/2020/10xxx/CVE-2020-10488.json b/2020/10xxx/CVE-2020-10488.json index a51d5942ecd..0492b80c52b 100644 --- a/2020/10xxx/CVE-2020-10488.json +++ b/2020/10xxx/CVE-2020-10488.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10488", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10488", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf11", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf11" } ] } diff --git a/2020/10xxx/CVE-2020-10489.json b/2020/10xxx/CVE-2020-10489.json index ead2ca2de80..69917783280 100644 --- a/2020/10xxx/CVE-2020-10489.json +++ b/2020/10xxx/CVE-2020-10489.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10489", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10489", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf12", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf12" } ] } diff --git a/2020/10xxx/CVE-2020-10490.json b/2020/10xxx/CVE-2020-10490.json index 4b3eba5cea2..1b1020fa6dc 100644 --- a/2020/10xxx/CVE-2020-10490.json +++ b/2020/10xxx/CVE-2020-10490.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf13", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf13" } ] } From f1db36a82feab640ade7f6d7a882828b3480811d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 14:01:31 +0000 Subject: [PATCH 062/144] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20509.json | 68 ++++------------------------------ 2019/5xxx/CVE-2019-5648.json | 33 +++++++++-------- 2020/10xxx/CVE-2020-10387.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10388.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10389.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10390.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10491.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10492.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10493.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10494.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10495.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10496.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10497.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10498.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10499.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10500.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10501.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10502.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10503.json | 56 +++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10504.json | 56 +++++++++++++++++++++++++--- 20 files changed, 924 insertions(+), 185 deletions(-) diff --git a/2019/20xxx/CVE-2019-20509.json b/2019/20xxx/CVE-2019-20509.json index ead4f040448..bbd3bd97a6f 100644 --- a/2019/20xxx/CVE-2019-20509.json +++ b/2019/20xxx/CVE-2019-20509.json @@ -1,71 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-20509", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20509", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471", - "refsource": "MISC", - "name": "https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471" - }, - { - "url": "https://github.com/libarchive/libarchive/issues/1284", - "refsource": "MISC", - "name": "https://github.com/libarchive/libarchive/issues/1284" - }, - { - "url": "https://github.com/libarchive/libarchive/compare/v3.4.0...v3.4.1", - "refsource": "MISC", - "name": "https://github.com/libarchive/libarchive/compare/v3.4.0...v3.4.1" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it only affected a development version. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5648.json b/2019/5xxx/CVE-2019-5648.json index ffdf8270c64..ba1e4bdc8f5 100644 --- a/2019/5xxx/CVE-2019-5648.json +++ b/2019/5xxx/CVE-2019-5648.json @@ -48,20 +48,20 @@ ] }, "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.7, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", - "version": "3.0" - } + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", + "version": "3.0" + } }, "problemtype": { "problemtype_data": [ @@ -79,7 +79,8 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/" + "url": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/", + "name": "https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/" } ] }, @@ -93,4 +94,4 @@ "advisory": "R7-2019-39", "discovery": "EXTERNAL" } -} +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10387.json b/2020/10xxx/CVE-2020-10387.json index c2b579f9ab8..9ee41bfcc26 100644 --- a/2020/10xxx/CVE-2020-10387.json +++ b/2020/10xxx/CVE-2020-10387.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10387", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10387", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#afd", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#afd" } ] } diff --git a/2020/10xxx/CVE-2020-10388.json b/2020/10xxx/CVE-2020-10388.json index 918acdb51f6..79cbfd23982 100644 --- a/2020/10xxx/CVE-2020-10388.json +++ b/2020/10xxx/CVE-2020-10388.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10388", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10388", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#bxss1", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#bxss1" } ] } diff --git a/2020/10xxx/CVE-2020-10389.json b/2020/10xxx/CVE-2020-10389.json index b531ba90a20..19bfb5e6aa3 100644 --- a/2020/10xxx/CVE-2020-10389.json +++ b/2020/10xxx/CVE-2020-10389.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10389", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10389", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#rce2", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#rce2" } ] } diff --git a/2020/10xxx/CVE-2020-10390.json b/2020/10xxx/CVE-2020-10390.json index a4dc783793c..3deac5fa656 100644 --- a/2020/10xxx/CVE-2020-10390.json +++ b/2020/10xxx/CVE-2020-10390.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10390", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10390", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=137#rce3", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=137#rce3" } ] } diff --git a/2020/10xxx/CVE-2020-10491.json b/2020/10xxx/CVE-2020-10491.json index 8cd81e6a065..fb2c46ca4bc 100644 --- a/2020/10xxx/CVE-2020-10491.json +++ b/2020/10xxx/CVE-2020-10491.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10491", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10491", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf14", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf14" } ] } diff --git a/2020/10xxx/CVE-2020-10492.json b/2020/10xxx/CVE-2020-10492.json index e34289ae45b..1385695d66c 100644 --- a/2020/10xxx/CVE-2020-10492.json +++ b/2020/10xxx/CVE-2020-10492.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10492", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10492", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf15", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf15" } ] } diff --git a/2020/10xxx/CVE-2020-10493.json b/2020/10xxx/CVE-2020-10493.json index bcb1cbbb2aa..230338775df 100644 --- a/2020/10xxx/CVE-2020-10493.json +++ b/2020/10xxx/CVE-2020-10493.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10493", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10493", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf16", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf16" } ] } diff --git a/2020/10xxx/CVE-2020-10494.json b/2020/10xxx/CVE-2020-10494.json index bd107bc1439..057c15dd061 100644 --- a/2020/10xxx/CVE-2020-10494.json +++ b/2020/10xxx/CVE-2020-10494.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10494", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10494", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf17", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf17" } ] } diff --git a/2020/10xxx/CVE-2020-10495.json b/2020/10xxx/CVE-2020-10495.json index 16f11dfe962..004cf9299bc 100644 --- a/2020/10xxx/CVE-2020-10495.json +++ b/2020/10xxx/CVE-2020-10495.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10495", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10495", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf18", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf18" } ] } diff --git a/2020/10xxx/CVE-2020-10496.json b/2020/10xxx/CVE-2020-10496.json index 1ab419a5441..05ce94c606e 100644 --- a/2020/10xxx/CVE-2020-10496.json +++ b/2020/10xxx/CVE-2020-10496.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10496", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10496", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf19", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf19" } ] } diff --git a/2020/10xxx/CVE-2020-10497.json b/2020/10xxx/CVE-2020-10497.json index 8627744bdb8..350590ccca4 100644 --- a/2020/10xxx/CVE-2020-10497.json +++ b/2020/10xxx/CVE-2020-10497.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10497", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10497", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf20", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf20" } ] } diff --git a/2020/10xxx/CVE-2020-10498.json b/2020/10xxx/CVE-2020-10498.json index 0286bd0919e..112ff7ed8e2 100644 --- a/2020/10xxx/CVE-2020-10498.json +++ b/2020/10xxx/CVE-2020-10498.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10498", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10498", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf21", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf21" } ] } diff --git a/2020/10xxx/CVE-2020-10499.json b/2020/10xxx/CVE-2020-10499.json index 9fa03bc8c73..7a98efaec6e 100644 --- a/2020/10xxx/CVE-2020-10499.json +++ b/2020/10xxx/CVE-2020-10499.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10499", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10499", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf22", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf22" } ] } diff --git a/2020/10xxx/CVE-2020-10500.json b/2020/10xxx/CVE-2020-10500.json index 15c0502615a..41bb030cb00 100644 --- a/2020/10xxx/CVE-2020-10500.json +++ b/2020/10xxx/CVE-2020-10500.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10500", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10500", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf23", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf23" } ] } diff --git a/2020/10xxx/CVE-2020-10501.json b/2020/10xxx/CVE-2020-10501.json index 049da8c6c00..10f6da5cb17 100644 --- a/2020/10xxx/CVE-2020-10501.json +++ b/2020/10xxx/CVE-2020-10501.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10501", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10501", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf24", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf24" } ] } diff --git a/2020/10xxx/CVE-2020-10502.json b/2020/10xxx/CVE-2020-10502.json index c6a9de4f982..0bc558a9ce4 100644 --- a/2020/10xxx/CVE-2020-10502.json +++ b/2020/10xxx/CVE-2020-10502.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10502", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10502", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf25", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf25" } ] } diff --git a/2020/10xxx/CVE-2020-10503.json b/2020/10xxx/CVE-2020-10503.json index 5c0713711c0..ae7abcb9bbb 100644 --- a/2020/10xxx/CVE-2020-10503.json +++ b/2020/10xxx/CVE-2020-10503.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10503", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10503", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf26", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf26" } ] } diff --git a/2020/10xxx/CVE-2020-10504.json b/2020/10xxx/CVE-2020-10504.json index b2ac81c26e5..31a3e634a07 100644 --- a/2020/10xxx/CVE-2020-10504.json +++ b/2020/10xxx/CVE-2020-10504.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10504", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10504", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://antoniocannito.it/?p=343#csrf27", + "refsource": "MISC", + "name": "http://antoniocannito.it/?p=343#csrf27" } ] } From 00087125c71f7af68b8002323b8443fbd6465f0d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 14:01:53 +0000 Subject: [PATCH 063/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++ 2020/10xxx/CVE-2020-10505.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10506.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10507.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10508.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10509.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10510.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10511.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10512.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10513.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10514.json | 18 ++++++++++ 2020/6xxx/CVE-2020-6858.json | 61 +++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8435.json | 66 ++++++++++++++++++++++++++++++---- 2020/8xxx/CVE-2020-8436.json | 66 ++++++++++++++++++++++++++++++---- 2020/9xxx/CVE-2020-9435.json | 61 +++++++++++++++++++++++++++---- 2020/9xxx/CVE-2020-9436.json | 61 +++++++++++++++++++++++++++---- 2020/9xxx/CVE-2020-9464.json | 56 +++++++++++++++++++++++++---- 17 files changed, 520 insertions(+), 36 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10505.json create mode 100644 2020/10xxx/CVE-2020-10506.json create mode 100644 2020/10xxx/CVE-2020-10507.json create mode 100644 2020/10xxx/CVE-2020-10508.json create mode 100644 2020/10xxx/CVE-2020-10509.json create mode 100644 2020/10xxx/CVE-2020-10510.json create mode 100644 2020/10xxx/CVE-2020-10511.json create mode 100644 2020/10xxx/CVE-2020-10512.json create mode 100644 2020/10xxx/CVE-2020-10513.json create mode 100644 2020/10xxx/CVE-2020-10514.json diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index b96d843e770..acb548b5703 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -108,6 +108,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2020/10xxx/CVE-2020-10505.json b/2020/10xxx/CVE-2020-10505.json new file mode 100644 index 00000000000..6ac2c643ca7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10506.json b/2020/10xxx/CVE-2020-10506.json new file mode 100644 index 00000000000..a9bff7468f6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10507.json b/2020/10xxx/CVE-2020-10507.json new file mode 100644 index 00000000000..270fcd5bea2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10508.json b/2020/10xxx/CVE-2020-10508.json new file mode 100644 index 00000000000..16f67c3f8b8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10509.json b/2020/10xxx/CVE-2020-10509.json new file mode 100644 index 00000000000..99d7e73c8eb --- /dev/null +++ b/2020/10xxx/CVE-2020-10509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10510.json b/2020/10xxx/CVE-2020-10510.json new file mode 100644 index 00000000000..a70dee335db --- /dev/null +++ b/2020/10xxx/CVE-2020-10510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10511.json b/2020/10xxx/CVE-2020-10511.json new file mode 100644 index 00000000000..d3627cc3fa5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10512.json b/2020/10xxx/CVE-2020-10512.json new file mode 100644 index 00000000000..dd2101c4b1e --- /dev/null +++ b/2020/10xxx/CVE-2020-10512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10513.json b/2020/10xxx/CVE-2020-10513.json new file mode 100644 index 00000000000..de4744e6c71 --- /dev/null +++ b/2020/10xxx/CVE-2020-10513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10514.json b/2020/10xxx/CVE-2020-10514.json new file mode 100644 index 00000000000..25c60742ac8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6858.json b/2020/6xxx/CVE-2020-6858.json index 4e4c556f9f2..a4193e36562 100644 --- a/2020/6xxx/CVE-2020-6858.json +++ b/2020/6xxx/CVE-2020-6858.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6858", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/JLLeitschuh", + "refsource": "MISC", + "name": "https://twitter.com/JLLeitschuh" + }, + { + "refsource": "MISC", + "name": "https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v", + "url": "https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v" } ] } diff --git a/2020/8xxx/CVE-2020-8435.json b/2020/8xxx/CVE-2020-8435.json index 5797dc7c66c..ee3459b1852 100644 --- a/2020/8xxx/CVE-2020-8435.json +++ b/2020/8xxx/CVE-2020-8435.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://Spider-security.co.uk", + "refsource": "MISC", + "name": "https://Spider-security.co.uk" + }, + { + "url": "https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers" + }, + { + "refsource": "MISC", + "name": "https://spider-security.co.uk/blog-cve-2020-8435", + "url": "https://spider-security.co.uk/blog-cve-2020-8435" } ] } diff --git a/2020/8xxx/CVE-2020-8436.json b/2020/8xxx/CVE-2020-8436.json index daa2902556a..df335cf4438 100644 --- a/2020/8xxx/CVE-2020-8436.json +++ b/2020/8xxx/CVE-2020-8436.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://Spider-security.co.uk", + "refsource": "MISC", + "name": "https://Spider-security.co.uk" + }, + { + "url": "https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers" + }, + { + "refsource": "MISC", + "name": "https://spider-security.co.uk/blog-cve-2020-8436", + "url": "https://spider-security.co.uk/blog-cve-2020-8436" } ] } diff --git a/2020/9xxx/CVE-2020-9435.json b/2020/9xxx/CVE-2020-9435.json index f15d0c1639f..1005158bfe0 100644 --- a/2020/9xxx/CVE-2020-9435.json +++ b/2020/9xxx/CVE-2020-9435.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en-us/advisories/", + "refsource": "MISC", + "name": "https://cert.vde.com/en-us/advisories/" + }, + { + "refsource": "MISC", + "name": "https://cert.vde.com/en-us/advisories/vde-2020-003", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-003" } ] } diff --git a/2020/9xxx/CVE-2020-9436.json b/2020/9xxx/CVE-2020-9436.json index 0013c7540d4..e4e593b800c 100644 --- a/2020/9xxx/CVE-2020-9436.json +++ b/2020/9xxx/CVE-2020-9436.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9436", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9436", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en-us/advisories/", + "refsource": "MISC", + "name": "https://cert.vde.com/en-us/advisories/" + }, + { + "refsource": "MISC", + "name": "https://cert.vde.com/en-us/advisories/vde-2020-003", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-003" } ] } diff --git a/2020/9xxx/CVE-2020-9464.json b/2020/9xxx/CVE-2020-9464.json index 45adf913478..d03f00cc3df 100644 --- a/2020/9xxx/CVE-2020-9464.json +++ b/2020/9xxx/CVE-2020-9464.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9464", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9464", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cert.vde.com/en-us/advisories/vde-2020-005", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-005" } ] } From 7e5a05c51ed111ba8150df1eb96e0690aa68d37e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 15:01:07 +0000 Subject: [PATCH 064/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index acb548b5703..0402b8aee67 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521@%3Cissues.flink.apache.org%3E" } ] }, From 8d2c30eb5ad208aac2d9858a5d87a7d20cb3acec Mon Sep 17 00:00:00 2001 From: MSRC Date: Thu, 12 Mar 2020 08:41:02 -0700 Subject: [PATCH 065/144] March 2020 Patch Tuesday --- 2020/0xxx/CVE-2020-0645.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0684.json | 246 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0690.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0700.json | 103 +++++++++ 2020/0xxx/CVE-2020-0758.json | 103 +++++++++ 2020/0xxx/CVE-2020-0762.json | 174 +++++++++++++++ 2020/0xxx/CVE-2020-0763.json | 171 +++++++++++++++ 2020/0xxx/CVE-2020-0765.json | 60 +++++ 2020/0xxx/CVE-2020-0768.json | 413 +++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0769.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0770.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0771.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0772.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0773.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0774.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0775.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0776.json | 192 ++++++++++++++++ 2020/0xxx/CVE-2020-0777.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0778.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0779.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0780.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0781.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0783.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0785.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0786.json | 82 +++++++ 2020/0xxx/CVE-2020-0787.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0788.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0789.json | 70 ++++++ 2020/0xxx/CVE-2020-0791.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0793.json | 238 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0795.json | 80 +++++++ 2020/0xxx/CVE-2020-0796.json | 130 +++++++++++ 2020/0xxx/CVE-2020-0797.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0798.json | 192 ++++++++++++++++ 2020/0xxx/CVE-2020-0799.json | 219 +++++++++++++++++++ 2020/0xxx/CVE-2020-0800.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0801.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0802.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0803.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0804.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0806.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0807.json | 171 +++++++++++++++ 2020/0xxx/CVE-2020-0808.json | 180 +++++++++++++++ 2020/0xxx/CVE-2020-0809.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0810.json | 238 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0811.json | 220 +++++++++++++++++++ 2020/0xxx/CVE-2020-0812.json | 160 ++++++++++++++ 2020/0xxx/CVE-2020-0813.json | 220 +++++++++++++++++++ 2020/0xxx/CVE-2020-0814.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0815.json | 60 +++++ 2020/0xxx/CVE-2020-0816.json | 240 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0819.json | 219 +++++++++++++++++++ 2020/0xxx/CVE-2020-0820.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0822.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0823.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0824.json | 193 ++++++++++++++++ 2020/0xxx/CVE-2020-0825.json | 160 ++++++++++++++ 2020/0xxx/CVE-2020-0826.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0827.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0828.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0829.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0830.json | 413 +++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0831.json | 270 +++++++++++++++++++++++ 2020/0xxx/CVE-2020-0832.json | 206 +++++++++++++++++ 2020/0xxx/CVE-2020-0833.json | 193 ++++++++++++++++ 2020/0xxx/CVE-2020-0834.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0840.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0841.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0842.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0843.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0844.json | 228 +++++++++++++++++++ 2020/0xxx/CVE-2020-0845.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0847.json | 206 +++++++++++++++++ 2020/0xxx/CVE-2020-0848.json | 250 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0849.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0850.json | 147 +++++++++++++ 2020/0xxx/CVE-2020-0851.json | 76 +++++++ 2020/0xxx/CVE-2020-0852.json | 86 ++++++++ 2020/0xxx/CVE-2020-0853.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0854.json | 159 ++++++++++++++ 2020/0xxx/CVE-2020-0855.json | 73 +++++++ 2020/0xxx/CVE-2020-0857.json | 219 +++++++++++++++++++ 2020/0xxx/CVE-2020-0858.json | 219 +++++++++++++++++++ 2020/0xxx/CVE-2020-0859.json | 219 +++++++++++++++++++ 2020/0xxx/CVE-2020-0860.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0861.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0863.json | 130 +++++++++++ 2020/0xxx/CVE-2020-0864.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0865.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0866.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0867.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0868.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0869.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0871.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0872.json | 60 +++++ 2020/0xxx/CVE-2020-0874.json | 173 +++++++++++++++ 2020/0xxx/CVE-2020-0876.json | 130 +++++++++++ 2020/0xxx/CVE-2020-0877.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0879.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0880.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0881.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0882.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0883.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0884.json | 80 +++++++ 2020/0xxx/CVE-2020-0885.json | 234 ++++++++++++++++++++ 2020/0xxx/CVE-2020-0887.json | 249 +++++++++++++++++++++ 2020/0xxx/CVE-2020-0891.json | 83 +++++++ 2020/0xxx/CVE-2020-0892.json | 172 +++++++++++++++ 2020/0xxx/CVE-2020-0893.json | 73 +++++++ 2020/0xxx/CVE-2020-0894.json | 83 +++++++ 2020/0xxx/CVE-2020-0896.json | 198 +++++++++++++++++ 2020/0xxx/CVE-2020-0897.json | 213 ++++++++++++++++++ 2020/0xxx/CVE-2020-0898.json | 76 +++++++ 2020/0xxx/CVE-2020-0902.json | 60 +++++ 2020/0xxx/CVE-2020-0903.json | 90 ++++++++ 2020/0xxx/CVE-2020-0905.json | 130 +++++++++++ 116 files changed, 23259 insertions(+) create mode 100644 2020/0xxx/CVE-2020-0645.json create mode 100644 2020/0xxx/CVE-2020-0684.json create mode 100644 2020/0xxx/CVE-2020-0690.json create mode 100644 2020/0xxx/CVE-2020-0700.json create mode 100644 2020/0xxx/CVE-2020-0758.json create mode 100644 2020/0xxx/CVE-2020-0762.json create mode 100644 2020/0xxx/CVE-2020-0763.json create mode 100644 2020/0xxx/CVE-2020-0765.json create mode 100644 2020/0xxx/CVE-2020-0768.json create mode 100644 2020/0xxx/CVE-2020-0769.json create mode 100644 2020/0xxx/CVE-2020-0770.json create mode 100644 2020/0xxx/CVE-2020-0771.json create mode 100644 2020/0xxx/CVE-2020-0772.json create mode 100644 2020/0xxx/CVE-2020-0773.json create mode 100644 2020/0xxx/CVE-2020-0774.json create mode 100644 2020/0xxx/CVE-2020-0775.json create mode 100644 2020/0xxx/CVE-2020-0776.json create mode 100644 2020/0xxx/CVE-2020-0777.json create mode 100644 2020/0xxx/CVE-2020-0778.json create mode 100644 2020/0xxx/CVE-2020-0779.json create mode 100644 2020/0xxx/CVE-2020-0780.json create mode 100644 2020/0xxx/CVE-2020-0781.json create mode 100644 2020/0xxx/CVE-2020-0783.json create mode 100644 2020/0xxx/CVE-2020-0785.json create mode 100644 2020/0xxx/CVE-2020-0786.json create mode 100644 2020/0xxx/CVE-2020-0787.json create mode 100644 2020/0xxx/CVE-2020-0788.json create mode 100644 2020/0xxx/CVE-2020-0789.json create mode 100644 2020/0xxx/CVE-2020-0791.json create mode 100644 2020/0xxx/CVE-2020-0793.json create mode 100644 2020/0xxx/CVE-2020-0795.json create mode 100644 2020/0xxx/CVE-2020-0796.json create mode 100644 2020/0xxx/CVE-2020-0797.json create mode 100644 2020/0xxx/CVE-2020-0798.json create mode 100644 2020/0xxx/CVE-2020-0799.json create mode 100644 2020/0xxx/CVE-2020-0800.json create mode 100644 2020/0xxx/CVE-2020-0801.json create mode 100644 2020/0xxx/CVE-2020-0802.json create mode 100644 2020/0xxx/CVE-2020-0803.json create mode 100644 2020/0xxx/CVE-2020-0804.json create mode 100644 2020/0xxx/CVE-2020-0806.json create mode 100644 2020/0xxx/CVE-2020-0807.json create mode 100644 2020/0xxx/CVE-2020-0808.json create mode 100644 2020/0xxx/CVE-2020-0809.json create mode 100644 2020/0xxx/CVE-2020-0810.json create mode 100644 2020/0xxx/CVE-2020-0811.json create mode 100644 2020/0xxx/CVE-2020-0812.json create mode 100644 2020/0xxx/CVE-2020-0813.json create mode 100644 2020/0xxx/CVE-2020-0814.json create mode 100644 2020/0xxx/CVE-2020-0815.json create mode 100644 2020/0xxx/CVE-2020-0816.json create mode 100644 2020/0xxx/CVE-2020-0819.json create mode 100644 2020/0xxx/CVE-2020-0820.json create mode 100644 2020/0xxx/CVE-2020-0822.json create mode 100644 2020/0xxx/CVE-2020-0823.json create mode 100644 2020/0xxx/CVE-2020-0824.json create mode 100644 2020/0xxx/CVE-2020-0825.json create mode 100644 2020/0xxx/CVE-2020-0826.json create mode 100644 2020/0xxx/CVE-2020-0827.json create mode 100644 2020/0xxx/CVE-2020-0828.json create mode 100644 2020/0xxx/CVE-2020-0829.json create mode 100644 2020/0xxx/CVE-2020-0830.json create mode 100644 2020/0xxx/CVE-2020-0831.json create mode 100644 2020/0xxx/CVE-2020-0832.json create mode 100644 2020/0xxx/CVE-2020-0833.json create mode 100644 2020/0xxx/CVE-2020-0834.json create mode 100644 2020/0xxx/CVE-2020-0840.json create mode 100644 2020/0xxx/CVE-2020-0841.json create mode 100644 2020/0xxx/CVE-2020-0842.json create mode 100644 2020/0xxx/CVE-2020-0843.json create mode 100644 2020/0xxx/CVE-2020-0844.json create mode 100644 2020/0xxx/CVE-2020-0845.json create mode 100644 2020/0xxx/CVE-2020-0847.json create mode 100644 2020/0xxx/CVE-2020-0848.json create mode 100644 2020/0xxx/CVE-2020-0849.json create mode 100644 2020/0xxx/CVE-2020-0850.json create mode 100644 2020/0xxx/CVE-2020-0851.json create mode 100644 2020/0xxx/CVE-2020-0852.json create mode 100644 2020/0xxx/CVE-2020-0853.json create mode 100644 2020/0xxx/CVE-2020-0854.json create mode 100644 2020/0xxx/CVE-2020-0855.json create mode 100644 2020/0xxx/CVE-2020-0857.json create mode 100644 2020/0xxx/CVE-2020-0858.json create mode 100644 2020/0xxx/CVE-2020-0859.json create mode 100644 2020/0xxx/CVE-2020-0860.json create mode 100644 2020/0xxx/CVE-2020-0861.json create mode 100644 2020/0xxx/CVE-2020-0863.json create mode 100644 2020/0xxx/CVE-2020-0864.json create mode 100644 2020/0xxx/CVE-2020-0865.json create mode 100644 2020/0xxx/CVE-2020-0866.json create mode 100644 2020/0xxx/CVE-2020-0867.json create mode 100644 2020/0xxx/CVE-2020-0868.json create mode 100644 2020/0xxx/CVE-2020-0869.json create mode 100644 2020/0xxx/CVE-2020-0871.json create mode 100644 2020/0xxx/CVE-2020-0872.json create mode 100644 2020/0xxx/CVE-2020-0874.json create mode 100644 2020/0xxx/CVE-2020-0876.json create mode 100644 2020/0xxx/CVE-2020-0877.json create mode 100644 2020/0xxx/CVE-2020-0879.json create mode 100644 2020/0xxx/CVE-2020-0880.json create mode 100644 2020/0xxx/CVE-2020-0881.json create mode 100644 2020/0xxx/CVE-2020-0882.json create mode 100644 2020/0xxx/CVE-2020-0883.json create mode 100644 2020/0xxx/CVE-2020-0884.json create mode 100644 2020/0xxx/CVE-2020-0885.json create mode 100644 2020/0xxx/CVE-2020-0887.json create mode 100644 2020/0xxx/CVE-2020-0891.json create mode 100644 2020/0xxx/CVE-2020-0892.json create mode 100644 2020/0xxx/CVE-2020-0893.json create mode 100644 2020/0xxx/CVE-2020-0894.json create mode 100644 2020/0xxx/CVE-2020-0896.json create mode 100644 2020/0xxx/CVE-2020-0897.json create mode 100644 2020/0xxx/CVE-2020-0898.json create mode 100644 2020/0xxx/CVE-2020-0902.json create mode 100644 2020/0xxx/CVE-2020-0903.json create mode 100644 2020/0xxx/CVE-2020-0905.json diff --git a/2020/0xxx/CVE-2020-0645.json b/2020/0xxx/CVE-2020-0645.json new file mode 100644 index 00000000000..954506f2500 --- /dev/null +++ b/2020/0xxx/CVE-2020-0645.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka \u0027Microsoft IIS Server Tampering Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0645" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0684.json b/2020/0xxx/CVE-2020-0684.json new file mode 100644 index 00000000000..e0ef7096ebf --- /dev/null +++ b/2020/0xxx/CVE-2020-0684.json @@ -0,0 +1,246 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka \u0027LNK Remote Code Execution Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0690.json b/2020/0xxx/CVE-2020-0690.json new file mode 100644 index 00000000000..9eb3a71f36b --- /dev/null +++ b/2020/0xxx/CVE-2020-0690.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \u0027DirectX Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0690" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0700.json b/2020/0xxx/CVE-2020-0700.json new file mode 100644 index 00000000000..2e7ff3b6936 --- /dev/null +++ b/2020/0xxx/CVE-2020-0700.json @@ -0,0 +1,103 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Azure DevOps Server", + "version": { + "version_data": [ + { + "version_value": "2019.0.1" + } + ] + } + }, + { + "product_name": "Team Foundation Server 2018", + "version": { + "version_data": [ + { + "version_value": "Update 3.2" + }, + { + "version_value": "Update 1.2" + } + ] + } + }, + { + "product_name": "Team Foundation Server", + "version": { + "version_data": [ + { + "version_value": "2017 Update 3.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019", + "version": { + "version_data": [ + { + "version_value": "Update 1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0758.json b/2020/0xxx/CVE-2020-0758.json new file mode 100644 index 00000000000..6a41bc16e78 --- /dev/null +++ b/2020/0xxx/CVE-2020-0758.json @@ -0,0 +1,103 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Team Foundation Server 2018", + "version": { + "version_data": [ + { + "version_value": "Update 1.2" + }, + { + "version_value": "Update 3.2" + } + ] + } + }, + { + "product_name": "Team Foundation Server", + "version": { + "version_data": [ + { + "version_value": "2017 Update 3.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server", + "version": { + "version_data": [ + { + "version_value": "2019.0.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019", + "version": { + "version_data": [ + { + "version_value": "Update 1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0762.json b/2020/0xxx/CVE-2020-0762.json new file mode 100644 index 00000000000..6173ad3fdc2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0762.json @@ -0,0 +1,174 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Windows Defender Security Center Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0763." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0762" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0763.json b/2020/0xxx/CVE-2020-0763.json new file mode 100644 index 00000000000..670c64d4f2f --- /dev/null +++ b/2020/0xxx/CVE-2020-0763.json @@ -0,0 +1,171 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Windows Defender Security Center Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0762." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0763" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0765.json b/2020/0xxx/CVE-2020-0765.json new file mode 100644 index 00000000000..51dc33ba0f6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0765.json @@ -0,0 +1,60 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Connection Manager 2.7", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka \u0027Remote Desktop Connection Manager Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0768.json b/2020/0xxx/CVE-2020-0768.json new file mode 100644 index 00000000000..b389005e12b --- /dev/null +++ b/2020/0xxx/CVE-2020-0768.json @@ -0,0 +1,413 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0769.json b/2020/0xxx/CVE-2020-0769.json new file mode 100644 index 00000000000..f8dc7f245f3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0769.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows CSC Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0769" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0770.json b/2020/0xxx/CVE-2020-0770.json new file mode 100644 index 00000000000..d7071447c14 --- /dev/null +++ b/2020/0xxx/CVE-2020-0770.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0770" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0771.json b/2020/0xxx/CVE-2020-0771.json new file mode 100644 index 00000000000..9a0eb363a7b --- /dev/null +++ b/2020/0xxx/CVE-2020-0771.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows CSC Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0771" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0772.json b/2020/0xxx/CVE-2020-0772.json new file mode 100644 index 00000000000..592153ac30e --- /dev/null +++ b/2020/0xxx/CVE-2020-0772.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0772" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0773.json b/2020/0xxx/CVE-2020-0773.json new file mode 100644 index 00000000000..edf0dbc43f4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0773.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0773" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0774.json b/2020/0xxx/CVE-2020-0774.json new file mode 100644 index 00000000000..aa34714a281 --- /dev/null +++ b/2020/0xxx/CVE-2020-0774.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0774" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0775.json b/2020/0xxx/CVE-2020-0775.json new file mode 100644 index 00000000000..35a76393a17 --- /dev/null +++ b/2020/0xxx/CVE-2020-0775.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Error Reporting Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0775" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0776.json b/2020/0xxx/CVE-2020-0776.json new file mode 100644 index 00000000000..a79de1bc5ce --- /dev/null +++ b/2020/0xxx/CVE-2020-0776.json @@ -0,0 +1,192 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0776" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0777.json b/2020/0xxx/CVE-2020-0777.json new file mode 100644 index 00000000000..17d81356ad9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0777.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0777" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0778.json b/2020/0xxx/CVE-2020-0778.json new file mode 100644 index 00000000000..fba80696a43 --- /dev/null +++ b/2020/0xxx/CVE-2020-0778.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0778" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0779.json b/2020/0xxx/CVE-2020-0779.json new file mode 100644 index 00000000000..c62ece7b5d6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0779.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0779" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0780.json b/2020/0xxx/CVE-2020-0780.json new file mode 100644 index 00000000000..8b175172c5e --- /dev/null +++ b/2020/0xxx/CVE-2020-0780.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka \u0027Windows Network List Service Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0780" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0781.json b/2020/0xxx/CVE-2020-0781.json new file mode 100644 index 00000000000..f140e0240f8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0781.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0783." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0781" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0783.json b/2020/0xxx/CVE-2020-0783.json new file mode 100644 index 00000000000..9e2778e94a7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0783.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0783" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0785.json b/2020/0xxx/CVE-2020-0785.json new file mode 100644 index 00000000000..ea0b0c5d2c4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0785.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka \u0027Windows User Profile Service Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0785" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0786.json b/2020/0xxx/CVE-2020-0786.json new file mode 100644 index 00000000000..91f1e23aa61 --- /dev/null +++ b/2020/0xxx/CVE-2020-0786.json @@ -0,0 +1,82 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka \u0027Windows Tile Object Service Denial of Service Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0786" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0787.json b/2020/0xxx/CVE-2020-0787.json new file mode 100644 index 00000000000..0377a401510 --- /dev/null +++ b/2020/0xxx/CVE-2020-0787.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0788.json b/2020/0xxx/CVE-2020-0788.json new file mode 100644 index 00000000000..71562376c36 --- /dev/null +++ b/2020/0xxx/CVE-2020-0788.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0788" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0789.json b/2020/0xxx/CVE-2020-0789.json new file mode 100644 index 00000000000..922bc8f71ab --- /dev/null +++ b/2020/0xxx/CVE-2020-0789.json @@ -0,0 +1,70 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka \u0027Visual Studio Extension Installer Service Denial of Service Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0789" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0791.json b/2020/0xxx/CVE-2020-0791.json new file mode 100644 index 00000000000..5952f501038 --- /dev/null +++ b/2020/0xxx/CVE-2020-0791.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka \u0027Windows Graphics Component Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0898." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0791" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0793.json b/2020/0xxx/CVE-2020-0793.json new file mode 100644 index 00000000000..47324ebba8d --- /dev/null +++ b/2020/0xxx/CVE-2020-0793.json @@ -0,0 +1,238 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio", + "version": { + "version_data": [ + { + "version_value": "2015 Update 3" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0795.json b/2020/0xxx/CVE-2020-0795.json new file mode 100644 index 00000000000..8db31f2ff3b --- /dev/null +++ b/2020/0xxx/CVE-2020-0795.json @@ -0,0 +1,80 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft Business Productivity Servers", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka \u0027Microsoft SharePoint Reflective XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0891." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0796.json b/2020/0xxx/CVE-2020-0796.json new file mode 100644 index 00000000000..e8af4268ef3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0796.json @@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka \u0027Windows SMBv3 Client/Server Remote Code Execution Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0797.json b/2020/0xxx/CVE-2020-0797.json new file mode 100644 index 00000000000..b4c65d0b813 --- /dev/null +++ b/2020/0xxx/CVE-2020-0797.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0797" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0798.json b/2020/0xxx/CVE-2020-0798.json new file mode 100644 index 00000000000..29f2f3cd924 --- /dev/null +++ b/2020/0xxx/CVE-2020-0798.json @@ -0,0 +1,192 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0798" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0799.json b/2020/0xxx/CVE-2020-0799.json new file mode 100644 index 00000000000..575a81750f6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0799.json @@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0799" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0800.json b/2020/0xxx/CVE-2020-0800.json new file mode 100644 index 00000000000..962c37f53d0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0800.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0800" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0801.json b/2020/0xxx/CVE-2020-0801.json new file mode 100644 index 00000000000..54e74bc2429 --- /dev/null +++ b/2020/0xxx/CVE-2020-0801.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0802.json b/2020/0xxx/CVE-2020-0802.json new file mode 100644 index 00000000000..7c1b22c55fc --- /dev/null +++ b/2020/0xxx/CVE-2020-0802.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0802" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0803.json b/2020/0xxx/CVE-2020-0803.json new file mode 100644 index 00000000000..e7e62bbb5b6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0803.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0803" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0804.json b/2020/0xxx/CVE-2020-0804.json new file mode 100644 index 00000000000..455e96cca6c --- /dev/null +++ b/2020/0xxx/CVE-2020-0804.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0804" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0806.json b/2020/0xxx/CVE-2020-0806.json new file mode 100644 index 00000000000..00f539c66a9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0806.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0772." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0806" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0807.json b/2020/0xxx/CVE-2020-0807.json new file mode 100644 index 00000000000..1667409272b --- /dev/null +++ b/2020/0xxx/CVE-2020-0807.json @@ -0,0 +1,171 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0808.json b/2020/0xxx/CVE-2020-0808.json new file mode 100644 index 00000000000..4a6d3615628 --- /dev/null +++ b/2020/0xxx/CVE-2020-0808.json @@ -0,0 +1,180 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka \u0027Provisioning Runtime Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0808" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0809.json b/2020/0xxx/CVE-2020-0809.json new file mode 100644 index 00000000000..03adcd793e7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0809.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0810.json b/2020/0xxx/CVE-2020-0810.json new file mode 100644 index 00000000000..68c731d20fe --- /dev/null +++ b/2020/0xxx/CVE-2020-0810.json @@ -0,0 +1,238 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio", + "version": { + "version_data": [ + { + "version_value": "2015 Update 3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0811.json b/2020/0xxx/CVE-2020-0811.json new file mode 100644 index 00000000000..b6054a916eb --- /dev/null +++ b/2020/0xxx/CVE-2020-0811.json @@ -0,0 +1,220 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0812." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0812.json b/2020/0xxx/CVE-2020-0812.json new file mode 100644 index 00000000000..84a1ed7cf99 --- /dev/null +++ b/2020/0xxx/CVE-2020-0812.json @@ -0,0 +1,160 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0811." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0813.json b/2020/0xxx/CVE-2020-0813.json new file mode 100644 index 00000000000..549ed8a40c3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0813.json @@ -0,0 +1,220 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0814.json b/2020/0xxx/CVE-2020-0814.json new file mode 100644 index 00000000000..5344a7b1ed3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0814.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0814" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0815.json b/2020/0xxx/CVE-2020-0815.json new file mode 100644 index 00000000000..e84d19be120 --- /dev/null +++ b/2020/0xxx/CVE-2020-0815.json @@ -0,0 +1,60 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0816.json b/2020/0xxx/CVE-2020-0816.json new file mode 100644 index 00000000000..261cb6348ce --- /dev/null +++ b/2020/0xxx/CVE-2020-0816.json @@ -0,0 +1,240 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \u0027Microsoft Edge Memory Corruption Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0819.json b/2020/0xxx/CVE-2020-0819.json new file mode 100644 index 00000000000..e019d0aae04 --- /dev/null +++ b/2020/0xxx/CVE-2020-0819.json @@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka \u0027Windows Device Setup Manager Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0819" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0820.json b/2020/0xxx/CVE-2020-0820.json new file mode 100644 index 00000000000..7a815838cb1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0820.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0820" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0822.json b/2020/0xxx/CVE-2020-0822.json new file mode 100644 index 00000000000..80abaf32bfe --- /dev/null +++ b/2020/0xxx/CVE-2020-0822.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka \u0027Windows Language Pack Installer Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0823.json b/2020/0xxx/CVE-2020-0823.json new file mode 100644 index 00000000000..fc45be2a4f7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0823.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0824.json b/2020/0xxx/CVE-2020-0824.json new file mode 100644 index 00000000000..db8258f6eed --- /dev/null +++ b/2020/0xxx/CVE-2020-0824.json @@ -0,0 +1,193 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0825.json b/2020/0xxx/CVE-2020-0825.json new file mode 100644 index 00000000000..cb4673f7840 --- /dev/null +++ b/2020/0xxx/CVE-2020-0825.json @@ -0,0 +1,160 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0826.json b/2020/0xxx/CVE-2020-0826.json new file mode 100644 index 00000000000..3a5e05975ac --- /dev/null +++ b/2020/0xxx/CVE-2020-0826.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0827.json b/2020/0xxx/CVE-2020-0827.json new file mode 100644 index 00000000000..fb69dc719af --- /dev/null +++ b/2020/0xxx/CVE-2020-0827.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0828.json b/2020/0xxx/CVE-2020-0828.json new file mode 100644 index 00000000000..bcdf0cfc619 --- /dev/null +++ b/2020/0xxx/CVE-2020-0828.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0829.json b/2020/0xxx/CVE-2020-0829.json new file mode 100644 index 00000000000..68780648553 --- /dev/null +++ b/2020/0xxx/CVE-2020-0829.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0830.json b/2020/0xxx/CVE-2020-0830.json new file mode 100644 index 00000000000..6d5a0ff243d --- /dev/null +++ b/2020/0xxx/CVE-2020-0830.json @@ -0,0 +1,413 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0831.json b/2020/0xxx/CVE-2020-0831.json new file mode 100644 index 00000000000..9eb599cd7ab --- /dev/null +++ b/2020/0xxx/CVE-2020-0831.json @@ -0,0 +1,270 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0832.json b/2020/0xxx/CVE-2020-0832.json new file mode 100644 index 00000000000..82a41a54e6d --- /dev/null +++ b/2020/0xxx/CVE-2020-0832.json @@ -0,0 +1,206 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0832" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0833.json b/2020/0xxx/CVE-2020-0833.json new file mode 100644 index 00000000000..de1eafa3e6e --- /dev/null +++ b/2020/0xxx/CVE-2020-0833.json @@ -0,0 +1,193 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0834.json b/2020/0xxx/CVE-2020-0834.json new file mode 100644 index 00000000000..5c42c594815 --- /dev/null +++ b/2020/0xxx/CVE-2020-0834.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka \u0027Windows ALPC Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0834" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0840.json b/2020/0xxx/CVE-2020-0840.json new file mode 100644 index 00000000000..041a56b2e53 --- /dev/null +++ b/2020/0xxx/CVE-2020-0840.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0840" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0841.json b/2020/0xxx/CVE-2020-0841.json new file mode 100644 index 00000000000..5a600fba137 --- /dev/null +++ b/2020/0xxx/CVE-2020-0841.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0841" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0842.json b/2020/0xxx/CVE-2020-0842.json new file mode 100644 index 00000000000..8ecae15b8e0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0842.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0842" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0843.json b/2020/0xxx/CVE-2020-0843.json new file mode 100644 index 00000000000..0c628d8a129 --- /dev/null +++ b/2020/0xxx/CVE-2020-0843.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0843" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0844.json b/2020/0xxx/CVE-2020-0844.json new file mode 100644 index 00000000000..f43ae32d06f --- /dev/null +++ b/2020/0xxx/CVE-2020-0844.json @@ -0,0 +1,228 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka \u0027Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0844" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0845.json b/2020/0xxx/CVE-2020-0845.json new file mode 100644 index 00000000000..fbd6af835bd --- /dev/null +++ b/2020/0xxx/CVE-2020-0845.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0845" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0847.json b/2020/0xxx/CVE-2020-0847.json new file mode 100644 index 00000000000..292bfcb4cd7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0847.json @@ -0,0 +1,206 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \u0027VBScript Remote Code Execution Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0847" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0848.json b/2020/0xxx/CVE-2020-0848.json new file mode 100644 index 00000000000..91874984694 --- /dev/null +++ b/2020/0xxx/CVE-2020-0848.json @@ -0,0 +1,250 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0849.json b/2020/0xxx/CVE-2020-0849.json new file mode 100644 index 00000000000..960bfff18c1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0849.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0849" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0850.json b/2020/0xxx/CVE-2020-0850.json new file mode 100644 index 00000000000..39e04b59a24 --- /dev/null +++ b/2020/0xxx/CVE-2020-0850.json @@ -0,0 +1,147 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0851.json b/2020/0xxx/CVE-2020-0851.json new file mode 100644 index 00000000000..ea16a2ad66a --- /dev/null +++ b/2020/0xxx/CVE-2020-0851.json @@ -0,0 +1,76 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0851" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0852.json b/2020/0xxx/CVE-2020-0852.json new file mode 100644 index 00000000000..17257a5ff02 --- /dev/null +++ b/2020/0xxx/CVE-2020-0852.json @@ -0,0 +1,86 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0853.json b/2020/0xxx/CVE-2020-0853.json new file mode 100644 index 00000000000..b1da7792a4c --- /dev/null +++ b/2020/0xxx/CVE-2020-0853.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka \u0027Windows Imaging Component Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0853" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0854.json b/2020/0xxx/CVE-2020-0854.json new file mode 100644 index 00000000000..73da9665398 --- /dev/null +++ b/2020/0xxx/CVE-2020-0854.json @@ -0,0 +1,159 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka \u0027Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0854" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0855.json b/2020/0xxx/CVE-2020-0855.json new file mode 100644 index 00000000000..db64fe7b8a2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0855.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0855" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0857.json b/2020/0xxx/CVE-2020-0857.json new file mode 100644 index 00000000000..8ed39962ac0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0857.json @@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0857" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0858.json b/2020/0xxx/CVE-2020-0858.json new file mode 100644 index 00000000000..3afd8b38a2e --- /dev/null +++ b/2020/0xxx/CVE-2020-0858.json @@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the \u0026quot;Public Account Pictures\u0026quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0776." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0858" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0859.json b/2020/0xxx/CVE-2020-0859.json new file mode 100644 index 00000000000..a4f83dea904 --- /dev/null +++ b/2020/0xxx/CVE-2020-0859.json @@ -0,0 +1,219 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka \u0027Windows Modules Installer Service Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0859" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0860.json b/2020/0xxx/CVE-2020-0860.json new file mode 100644 index 00000000000..ee9e03c9815 --- /dev/null +++ b/2020/0xxx/CVE-2020-0860.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0860" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0861.json b/2020/0xxx/CVE-2020-0861.json new file mode 100644 index 00000000000..5d417c8b322 --- /dev/null +++ b/2020/0xxx/CVE-2020-0861.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0861" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0863.json b/2020/0xxx/CVE-2020-0863.json new file mode 100644 index 00000000000..82651c8c331 --- /dev/null +++ b/2020/0xxx/CVE-2020-0863.json @@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka \u0027Connected User Experiences and Telemetry Service Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0863" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0864.json b/2020/0xxx/CVE-2020-0864.json new file mode 100644 index 00000000000..29950d40df2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0864.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0864" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0865.json b/2020/0xxx/CVE-2020-0865.json new file mode 100644 index 00000000000..ba4b6627c47 --- /dev/null +++ b/2020/0xxx/CVE-2020-0865.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0865" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0866.json b/2020/0xxx/CVE-2020-0866.json new file mode 100644 index 00000000000..2a5274872c6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0866.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0866" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0867.json b/2020/0xxx/CVE-2020-0867.json new file mode 100644 index 00000000000..be4a836ccb2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0867.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka \u0027Windows Update Orchestrator Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0868." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0867" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0868.json b/2020/0xxx/CVE-2020-0868.json new file mode 100644 index 00000000000..2eab39debb0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0868.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka \u0027Windows Update Orchestrator Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0867." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0868" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0869.json b/2020/0xxx/CVE-2020-0869.json new file mode 100644 index 00000000000..fe266413b98 --- /dev/null +++ b/2020/0xxx/CVE-2020-0869.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0871.json b/2020/0xxx/CVE-2020-0871.json new file mode 100644 index 00000000000..36d0e2cfc72 --- /dev/null +++ b/2020/0xxx/CVE-2020-0871.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka \u0027Windows Network Connections Service Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0871" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0872.json b/2020/0xxx/CVE-2020-0872.json new file mode 100644 index 00000000000..c7821e7a783 --- /dev/null +++ b/2020/0xxx/CVE-2020-0872.json @@ -0,0 +1,60 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Inspector", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka \u0027Remote Code Execution Vulnerability in Application Inspector\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0872" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0874.json b/2020/0xxx/CVE-2020-0874.json new file mode 100644 index 00000000000..1fc0c12fe8a --- /dev/null +++ b/2020/0xxx/CVE-2020-0874.json @@ -0,0 +1,173 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0874" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0876.json b/2020/0xxx/CVE-2020-0876.json new file mode 100644 index 00000000000..527a216626d --- /dev/null +++ b/2020/0xxx/CVE-2020-0876.json @@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka \u0027Win32k Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0876" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0877.json b/2020/0xxx/CVE-2020-0877.json new file mode 100644 index 00000000000..2110494abf6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0877.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0879.json b/2020/0xxx/CVE-2020-0879.json new file mode 100644 index 00000000000..a23eb016a15 --- /dev/null +++ b/2020/0xxx/CVE-2020-0879.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0879" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0880.json b/2020/0xxx/CVE-2020-0880.json new file mode 100644 index 00000000000..6998e2faed1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0880.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0880" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0881.json b/2020/0xxx/CVE-2020-0881.json new file mode 100644 index 00000000000..a2975be0f8c --- /dev/null +++ b/2020/0xxx/CVE-2020-0881.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0883." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0882.json b/2020/0xxx/CVE-2020-0882.json new file mode 100644 index 00000000000..7b46bb8db70 --- /dev/null +++ b/2020/0xxx/CVE-2020-0882.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0882" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0883.json b/2020/0xxx/CVE-2020-0883.json new file mode 100644 index 00000000000..de0e654b4bb --- /dev/null +++ b/2020/0xxx/CVE-2020-0883.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0881." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0884.json b/2020/0xxx/CVE-2020-0884.json new file mode 100644 index 00000000000..56b98d663b7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0884.json @@ -0,0 +1,80 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka \u0027Microsoft Visual Studio Spoofing Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0885.json b/2020/0xxx/CVE-2020-0885.json new file mode 100644 index 00000000000..4e0085283f6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0885.json @@ -0,0 +1,234 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows Graphics Component Information Disclosure Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0885" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0887.json b/2020/0xxx/CVE-2020-0887.json new file mode 100644 index 00000000000..48c4d80dbe8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0887.json @@ -0,0 +1,249 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0887" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0891.json b/2020/0xxx/CVE-2020-0891.json new file mode 100644 index 00000000000..54b4f4d90d3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0891.json @@ -0,0 +1,83 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka \u0027Microsoft SharePoint Reflective XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0795." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0892.json b/2020/0xxx/CVE-2020-0892.json new file mode 100644 index 00000000000..25d6f489628 --- /dev/null +++ b/2020/0xxx/CVE-2020-0892.json @@ -0,0 +1,172 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Microsoft Office Web Apps", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0893.json b/2020/0xxx/CVE-2020-0893.json new file mode 100644 index 00000000000..8f300889d3e --- /dev/null +++ b/2020/0xxx/CVE-2020-0893.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0894." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0893" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0894.json b/2020/0xxx/CVE-2020-0894.json new file mode 100644 index 00000000000..84f6b43b6f6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0894.json @@ -0,0 +1,83 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0893." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0896.json b/2020/0xxx/CVE-2020-0896.json new file mode 100644 index 00000000000..b5e907d35c1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0896.json @@ -0,0 +1,198 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0896" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0897.json b/2020/0xxx/CVE-2020-0897.json new file mode 100644 index 00000000000..6cfc2734d2b --- /dev/null +++ b/2020/0xxx/CVE-2020-0897.json @@ -0,0 +1,213 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0897" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0898.json b/2020/0xxx/CVE-2020-0898.json new file mode 100644 index 00000000000..add1470d602 --- /dev/null +++ b/2020/0xxx/CVE-2020-0898.json @@ -0,0 +1,76 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka \u0027Windows Graphics Component Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0898" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0902.json b/2020/0xxx/CVE-2020-0902.json new file mode 100644 index 00000000000..e54f2548d22 --- /dev/null +++ b/2020/0xxx/CVE-2020-0902.json @@ -0,0 +1,60 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Fabric", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka \u0027Service Fabric Elevation of Privilege\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0902" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0903.json b/2020/0xxx/CVE-2020-0903.json new file mode 100644 index 00000000000..0679b155bb2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0903.json @@ -0,0 +1,90 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" + } + ] + } +} diff --git a/2020/0xxx/CVE-2020-0905.json b/2020/0xxx/CVE-2020-0905.json new file mode 100644 index 00000000000..7084c22622f --- /dev/null +++ b/2020/0xxx/CVE-2020-0905.json @@ -0,0 +1,130 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Dynamics NAV 2018", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2015", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics 365 BC On Premise", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Dynamics 365 Business Central 2019 Spring Update", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2017", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2013", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905" + } + ] + } +} From a08caf77217491a1ea250824bcece8ce537cc23f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 16:01:20 +0000 Subject: [PATCH 066/144] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0645.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0684.json | 482 ++++++++++----------- 2020/0xxx/CVE-2020-0690.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0700.json | 196 ++++----- 2020/0xxx/CVE-2020-0758.json | 196 ++++----- 2020/0xxx/CVE-2020-0762.json | 338 +++++++-------- 2020/0xxx/CVE-2020-0763.json | 332 +++++++------- 2020/0xxx/CVE-2020-0765.json | 112 ++--- 2020/0xxx/CVE-2020-0768.json | 816 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0769.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0770.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0771.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0772.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0773.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0774.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0775.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0776.json | 374 ++++++++-------- 2020/0xxx/CVE-2020-0777.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0778.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0779.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0780.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0781.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0783.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0785.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0786.json | 154 +++---- 2020/0xxx/CVE-2020-0787.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0788.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0789.json | 132 +++--- 2020/0xxx/CVE-2020-0791.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0793.json | 466 ++++++++++---------- 2020/0xxx/CVE-2020-0795.json | 152 +++---- 2020/0xxx/CVE-2020-0796.json | 252 +++++------ 2020/0xxx/CVE-2020-0797.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0798.json | 374 ++++++++-------- 2020/0xxx/CVE-2020-0799.json | 428 +++++++++--------- 2020/0xxx/CVE-2020-0800.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0801.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0802.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0803.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0804.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0806.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0807.json | 332 +++++++------- 2020/0xxx/CVE-2020-0808.json | 350 +++++++-------- 2020/0xxx/CVE-2020-0809.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0810.json | 466 ++++++++++---------- 2020/0xxx/CVE-2020-0811.json | 432 ++++++++++--------- 2020/0xxx/CVE-2020-0812.json | 312 +++++++------- 2020/0xxx/CVE-2020-0813.json | 432 ++++++++++--------- 2020/0xxx/CVE-2020-0814.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0815.json | 112 ++--- 2020/0xxx/CVE-2020-0816.json | 472 ++++++++++---------- 2020/0xxx/CVE-2020-0819.json | 428 +++++++++--------- 2020/0xxx/CVE-2020-0820.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0822.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0823.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0824.json | 376 ++++++++-------- 2020/0xxx/CVE-2020-0825.json | 312 +++++++------- 2020/0xxx/CVE-2020-0826.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0827.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0828.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0829.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0830.json | 816 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0831.json | 532 +++++++++++------------ 2020/0xxx/CVE-2020-0832.json | 402 ++++++++--------- 2020/0xxx/CVE-2020-0833.json | 376 ++++++++-------- 2020/0xxx/CVE-2020-0834.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0840.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0841.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0842.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0843.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0844.json | 446 +++++++++---------- 2020/0xxx/CVE-2020-0845.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0847.json | 402 ++++++++--------- 2020/0xxx/CVE-2020-0848.json | 492 ++++++++++----------- 2020/0xxx/CVE-2020-0849.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0850.json | 284 ++++++------ 2020/0xxx/CVE-2020-0851.json | 142 +++--- 2020/0xxx/CVE-2020-0852.json | 162 +++---- 2020/0xxx/CVE-2020-0853.json | 488 ++++++++++----------- 2020/0xxx/CVE-2020-0854.json | 308 ++++++------- 2020/0xxx/CVE-2020-0855.json | 136 +++--- 2020/0xxx/CVE-2020-0857.json | 428 +++++++++--------- 2020/0xxx/CVE-2020-0858.json | 428 +++++++++--------- 2020/0xxx/CVE-2020-0859.json | 428 +++++++++--------- 2020/0xxx/CVE-2020-0860.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0861.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0863.json | 252 +++++------ 2020/0xxx/CVE-2020-0864.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0865.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0866.json | 416 +++++++++--------- 2020/0xxx/CVE-2020-0867.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0868.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0869.json | 386 ++++++++--------- 2020/0xxx/CVE-2020-0871.json | 458 ++++++++++---------- 2020/0xxx/CVE-2020-0872.json | 112 ++--- 2020/0xxx/CVE-2020-0874.json | 336 ++++++++------- 2020/6xxx/CVE-2020-6208.json | 5 + 2020/9xxx/CVE-2020-9530.json | 5 + 2020/9xxx/CVE-2020-9531.json | 10 + 99 files changed, 19585 insertions(+), 19373 deletions(-) diff --git a/2020/0xxx/CVE-2020-0645.json b/2020/0xxx/CVE-2020-0645.json index 954506f2500..01697932ae7 100644 --- a/2020/0xxx/CVE-2020-0645.json +++ b/2020/0xxx/CVE-2020-0645.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0645", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka \u0027Microsoft IIS Server Tampering Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Tampering" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0645" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0645", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0645" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0684.json b/2020/0xxx/CVE-2020-0684.json index e0ef7096ebf..1c1d596b0ad 100644 --- a/2020/0xxx/CVE-2020-0684.json +++ b/2020/0xxx/CVE-2020-0684.json @@ -1,246 +1,248 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0684", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka \u0027LNK Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0690.json b/2020/0xxx/CVE-2020-0690.json index 9eb3a71f36b..2f2ffb0a287 100644 --- a/2020/0xxx/CVE-2020-0690.json +++ b/2020/0xxx/CVE-2020-0690.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0690", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \u0027DirectX Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0690" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0690", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0690" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0700.json b/2020/0xxx/CVE-2020-0700.json index 2e7ff3b6936..1af7e255859 100644 --- a/2020/0xxx/CVE-2020-0700.json +++ b/2020/0xxx/CVE-2020-0700.json @@ -1,103 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0700", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure DevOps Server", - "version": { - "version_data": [ - { - "version_value": "2019.0.1" - } - ] - } - }, - { - "product_name": "Team Foundation Server 2018", - "version": { - "version_data": [ - { - "version_value": "Update 3.2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Azure DevOps Server", + "version": { + "version_data": [ + { + "version_value": "2019.0.1" + } + ] + } + }, + { + "product_name": "Team Foundation Server 2018", + "version": { + "version_data": [ + { + "version_value": "Update 3.2" + }, + { + "version_value": "Update 1.2" + } + ] + } + }, + { + "product_name": "Team Foundation Server", + "version": { + "version_data": [ + { + "version_value": "2017 Update 3.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019", + "version": { + "version_data": [ + { + "version_value": "Update 1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Update 1.2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Team Foundation Server", - "version": { - "version_data": [ - { - "version_value": "2017 Update 3.1" - } - ] - } - }, - { - "product_name": "Azure DevOps Server 2019", - "version": { - "version_data": [ - { - "version_value": "Update 1" - } - ] - } - }, - { - "product_name": "Azure DevOps Server 2019 Update 1.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0758.json b/2020/0xxx/CVE-2020-0758.json index 6a41bc16e78..d090acf6b3d 100644 --- a/2020/0xxx/CVE-2020-0758.json +++ b/2020/0xxx/CVE-2020-0758.json @@ -1,103 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0758", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Team Foundation Server 2018", - "version": { - "version_data": [ - { - "version_value": "Update 1.2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Team Foundation Server 2018", + "version": { + "version_data": [ + { + "version_value": "Update 1.2" + }, + { + "version_value": "Update 3.2" + } + ] + } + }, + { + "product_name": "Team Foundation Server", + "version": { + "version_data": [ + { + "version_value": "2017 Update 3.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server", + "version": { + "version_data": [ + { + "version_value": "2019.0.1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019", + "version": { + "version_data": [ + { + "version_value": "Update 1" + } + ] + } + }, + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Update 3.2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Team Foundation Server", - "version": { - "version_data": [ - { - "version_value": "2017 Update 3.1" - } - ] - } - }, - { - "product_name": "Azure DevOps Server", - "version": { - "version_data": [ - { - "version_value": "2019.0.1" - } - ] - } - }, - { - "product_name": "Azure DevOps Server 2019", - "version": { - "version_data": [ - { - "version_value": "Update 1" - } - ] - } - }, - { - "product_name": "Azure DevOps Server 2019 Update 1.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0762.json b/2020/0xxx/CVE-2020-0762.json index 6173ad3fdc2..ba5b7459c63 100644 --- a/2020/0xxx/CVE-2020-0762.json +++ b/2020/0xxx/CVE-2020-0762.json @@ -1,174 +1,176 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0762", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for x64-based Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Windows Defender Security Center Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0763." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0763." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0762" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0762", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0762" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0763.json b/2020/0xxx/CVE-2020-0763.json index 670c64d4f2f..dbd59ba78e8 100644 --- a/2020/0xxx/CVE-2020-0763.json +++ b/2020/0xxx/CVE-2020-0763.json @@ -1,171 +1,173 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0763", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for x64-based Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for 32-bit Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "version 1803 (Core Installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Windows Defender Security Center Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0762." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0762." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0763" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0763", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0763" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0765.json b/2020/0xxx/CVE-2020-0765.json index 51dc33ba0f6..59237ca5d16 100644 --- a/2020/0xxx/CVE-2020-0765.json +++ b/2020/0xxx/CVE-2020-0765.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0765", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Remote Desktop Connection Manager 2.7", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Connection Manager 2.7", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka \u0027Remote Desktop Connection Manager Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0768.json b/2020/0xxx/CVE-2020-0768.json index b389005e12b..d97f162cdd7 100644 --- a/2020/0xxx/CVE-2020-0768.json +++ b/2020/0xxx/CVE-2020-0768.json @@ -1,413 +1,415 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0768", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0769.json b/2020/0xxx/CVE-2020-0769.json index f8dc7f245f3..6911971181f 100644 --- a/2020/0xxx/CVE-2020-0769.json +++ b/2020/0xxx/CVE-2020-0769.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0769", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows CSC Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0771." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0771." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0769" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0769", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0769" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0770.json b/2020/0xxx/CVE-2020-0770.json index d7071447c14..b4c4cc35914 100644 --- a/2020/0xxx/CVE-2020-0770.json +++ b/2020/0xxx/CVE-2020-0770.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0770", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0773, CVE-2020-0860." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0770" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0770", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0770" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0771.json b/2020/0xxx/CVE-2020-0771.json index 9a0eb363a7b..bce0e3cb299 100644 --- a/2020/0xxx/CVE-2020-0771.json +++ b/2020/0xxx/CVE-2020-0771.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0771", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows CSC Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0769." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0769." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0771" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0771", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0771" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0772.json b/2020/0xxx/CVE-2020-0772.json index 592153ac30e..07104cf6820 100644 --- a/2020/0xxx/CVE-2020-0772.json +++ b/2020/0xxx/CVE-2020-0772.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0772", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0806." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0806." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0772" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0772", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0772" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0773.json b/2020/0xxx/CVE-2020-0773.json index edf0dbc43f4..41e2a4b8c78 100644 --- a/2020/0xxx/CVE-2020-0773.json +++ b/2020/0xxx/CVE-2020-0773.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0773", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0860." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0773" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0773", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0773" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0774.json b/2020/0xxx/CVE-2020-0774.json index aa34714a281..e07fe7cb19d 100644 --- a/2020/0xxx/CVE-2020-0774.json +++ b/2020/0xxx/CVE-2020-0774.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0774", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0774" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0774", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0774" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0775.json b/2020/0xxx/CVE-2020-0775.json index 35a76393a17..5a3e8f1e4b9 100644 --- a/2020/0xxx/CVE-2020-0775.json +++ b/2020/0xxx/CVE-2020-0775.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0775", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Error Reporting Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0775" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0775", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0775" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0776.json b/2020/0xxx/CVE-2020-0776.json index a79de1bc5ce..b7baf8d922c 100644 --- a/2020/0xxx/CVE-2020-0776.json +++ b/2020/0xxx/CVE-2020-0776.json @@ -1,192 +1,194 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0776", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0858." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0858." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0776" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0776", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0776" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0777.json b/2020/0xxx/CVE-2020-0777.json index 17d81356ad9..f5cba529fad 100644 --- a/2020/0xxx/CVE-2020-0777.json +++ b/2020/0xxx/CVE-2020-0777.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0777", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0777" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0777", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0777" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0778.json b/2020/0xxx/CVE-2020-0778.json index fba80696a43..bec1802751a 100644 --- a/2020/0xxx/CVE-2020-0778.json +++ b/2020/0xxx/CVE-2020-0778.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0778", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0778" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0778", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0778" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0779.json b/2020/0xxx/CVE-2020-0779.json index c62ece7b5d6..2ec80bb995e 100644 --- a/2020/0xxx/CVE-2020-0779.json +++ b/2020/0xxx/CVE-2020-0779.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0779", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0779" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0779", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0779" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0780.json b/2020/0xxx/CVE-2020-0780.json index 8b175172c5e..06c5aece107 100644 --- a/2020/0xxx/CVE-2020-0780.json +++ b/2020/0xxx/CVE-2020-0780.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0780", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka \u0027Windows Network List Service Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0780" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0780", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0780" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0781.json b/2020/0xxx/CVE-2020-0781.json index f140e0240f8..526d41532ef 100644 --- a/2020/0xxx/CVE-2020-0781.json +++ b/2020/0xxx/CVE-2020-0781.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0781", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0783." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0781" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0781", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0781" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0783.json b/2020/0xxx/CVE-2020-0783.json index 9e2778e94a7..8f61c198318 100644 --- a/2020/0xxx/CVE-2020-0783.json +++ b/2020/0xxx/CVE-2020-0783.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0783", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka \u0027Windows UPnP Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0781." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0781." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0783" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0783", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0783" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0785.json b/2020/0xxx/CVE-2020-0785.json index ea0b0c5d2c4..93947012674 100644 --- a/2020/0xxx/CVE-2020-0785.json +++ b/2020/0xxx/CVE-2020-0785.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0785", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka \u0027Windows User Profile Service Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0785" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0785", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0785" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0786.json b/2020/0xxx/CVE-2020-0786.json index 91f1e23aa61..34011918bb9 100644 --- a/2020/0xxx/CVE-2020-0786.json +++ b/2020/0xxx/CVE-2020-0786.json @@ -1,82 +1,84 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0786", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka \u0027Windows Tile Object Service Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0786" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0786", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0786" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0787.json b/2020/0xxx/CVE-2020-0787.json index 0377a401510..68e3ddbf42f 100644 --- a/2020/0xxx/CVE-2020-0787.json +++ b/2020/0xxx/CVE-2020-0787.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0787", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka \u0027Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0788.json b/2020/0xxx/CVE-2020-0788.json index 71562376c36..e7bc379da9e 100644 --- a/2020/0xxx/CVE-2020-0788.json +++ b/2020/0xxx/CVE-2020-0788.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0788", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0877, CVE-2020-0887." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0788" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0788", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0788" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0789.json b/2020/0xxx/CVE-2020-0789.json index 922bc8f71ab..fa25ac60571 100644 --- a/2020/0xxx/CVE-2020-0789.json +++ b/2020/0xxx/CVE-2020-0789.json @@ -1,70 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0789", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka \u0027Visual Studio Extension Installer Service Denial of Service Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Denial of Service" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0789" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0789", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0789" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0791.json b/2020/0xxx/CVE-2020-0791.json index 5952f501038..f183d1333d8 100644 --- a/2020/0xxx/CVE-2020-0791.json +++ b/2020/0xxx/CVE-2020-0791.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0791", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka \u0027Windows Graphics Component Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0898." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0898." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0791" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0791", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0791" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0793.json b/2020/0xxx/CVE-2020-0793.json index 47324ebba8d..219053d2d21 100644 --- a/2020/0xxx/CVE-2020-0793.json +++ b/2020/0xxx/CVE-2020-0793.json @@ -1,238 +1,240 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0793", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio", + "version": { + "version_data": [ + { + "version_value": "2015 Update 3" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio", - "version": { - "version_data": [ - { - "version_value": "2015 Update 3" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0793" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0795.json b/2020/0xxx/CVE-2020-0795.json index 8db31f2ff3b..8c76d319d67 100644 --- a/2020/0xxx/CVE-2020-0795.json +++ b/2020/0xxx/CVE-2020-0795.json @@ -1,80 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0795", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft Business Productivity Servers", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Business Productivity Servers", - "version": { - "version_data": [ - { - "version_value": "2010 Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Foundation", - "version": { - "version_data": [ - { - "version_value": "2013 Service Pack 1" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka \u0027Microsoft SharePoint Reflective XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0891." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0796.json b/2020/0xxx/CVE-2020-0796.json index e8af4268ef3..274d7184ca5 100644 --- a/2020/0xxx/CVE-2020-0796.json +++ b/2020/0xxx/CVE-2020-0796.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0796", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka \u0027Windows SMBv3 Client/Server Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0797.json b/2020/0xxx/CVE-2020-0797.json index b4c65d0b813..9c3014ede90 100644 --- a/2020/0xxx/CVE-2020-0797.json +++ b/2020/0xxx/CVE-2020-0797.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0797", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0797" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0797", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0797" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0798.json b/2020/0xxx/CVE-2020-0798.json index 29f2f3cd924..bae454a4ba5 100644 --- a/2020/0xxx/CVE-2020-0798.json +++ b/2020/0xxx/CVE-2020-0798.json @@ -1,192 +1,194 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0798", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0798" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0798", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0798" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0799.json b/2020/0xxx/CVE-2020-0799.json index 575a81750f6..543ebe83e34 100644 --- a/2020/0xxx/CVE-2020-0799.json +++ b/2020/0xxx/CVE-2020-0799.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0799", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka 'Windows Kernel Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0799" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0799", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0799" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0800.json b/2020/0xxx/CVE-2020-0800.json index 962c37f53d0..7c03f095035 100644 --- a/2020/0xxx/CVE-2020-0800.json +++ b/2020/0xxx/CVE-2020-0800.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0800", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0800" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0800", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0800" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0801.json b/2020/0xxx/CVE-2020-0801.json index 54e74bc2429..2848eda05b3 100644 --- a/2020/0xxx/CVE-2020-0801.json +++ b/2020/0xxx/CVE-2020-0801.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0801", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0802.json b/2020/0xxx/CVE-2020-0802.json index 7c1b22c55fc..8ace786b63a 100644 --- a/2020/0xxx/CVE-2020-0802.json +++ b/2020/0xxx/CVE-2020-0802.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0802", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0803, CVE-2020-0804, CVE-2020-0845." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0802" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0802", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0802" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0803.json b/2020/0xxx/CVE-2020-0803.json index e7e62bbb5b6..1e56d1e4392 100644 --- a/2020/0xxx/CVE-2020-0803.json +++ b/2020/0xxx/CVE-2020-0803.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0803", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0804, CVE-2020-0845." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0803" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0803", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0803" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0804.json b/2020/0xxx/CVE-2020-0804.json index 455e96cca6c..5169046b508 100644 --- a/2020/0xxx/CVE-2020-0804.json +++ b/2020/0xxx/CVE-2020-0804.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0804", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0845." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0804" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0804", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0804" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0806.json b/2020/0xxx/CVE-2020-0806.json index 00f539c66a9..51b5a076254 100644 --- a/2020/0xxx/CVE-2020-0806.json +++ b/2020/0xxx/CVE-2020-0806.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0806", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0772." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0772." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0806" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0806", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0806" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0807.json b/2020/0xxx/CVE-2020-0807.json index 1667409272b..2b56afb1d8b 100644 --- a/2020/0xxx/CVE-2020-0807.json +++ b/2020/0xxx/CVE-2020-0807.json @@ -1,171 +1,173 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0807", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0808.json b/2020/0xxx/CVE-2020-0808.json index 4a6d3615628..d2a8e6281bb 100644 --- a/2020/0xxx/CVE-2020-0808.json +++ b/2020/0xxx/CVE-2020-0808.json @@ -1,180 +1,182 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0808", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka \u0027Provisioning Runtime Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka 'Provisioning Runtime Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0808" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0808", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0808" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0809.json b/2020/0xxx/CVE-2020-0809.json index 03adcd793e7..6de281b3090 100644 --- a/2020/0xxx/CVE-2020-0809.json +++ b/2020/0xxx/CVE-2020-0809.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0809", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0810.json b/2020/0xxx/CVE-2020-0810.json index 68c731d20fe..1b340b29693 100644 --- a/2020/0xxx/CVE-2020-0810.json +++ b/2020/0xxx/CVE-2020-0810.json @@ -1,238 +1,240 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0810", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio", + "version": { + "version_data": [ + { + "version_value": "2015 Update 3" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio", - "version": { - "version_data": [ - { - "version_value": "2015 Update 3" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations., aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0811.json b/2020/0xxx/CVE-2020-0811.json index b6054a916eb..9d181ce82a6 100644 --- a/2020/0xxx/CVE-2020-0811.json +++ b/2020/0xxx/CVE-2020-0811.json @@ -1,220 +1,222 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0811", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0812." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0812.json b/2020/0xxx/CVE-2020-0812.json index 84a1ed7cf99..a33b43a7b4f 100644 --- a/2020/0xxx/CVE-2020-0812.json +++ b/2020/0xxx/CVE-2020-0812.json @@ -1,160 +1,162 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0812", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0811." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0813.json b/2020/0xxx/CVE-2020-0813.json index 549ed8a40c3..ea584dc24a9 100644 --- a/2020/0xxx/CVE-2020-0813.json +++ b/2020/0xxx/CVE-2020-0813.json @@ -1,220 +1,222 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0813", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user\u00e2\u20ac\u2122s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0814.json b/2020/0xxx/CVE-2020-0814.json index 5344a7b1ed3..79e753af9dc 100644 --- a/2020/0xxx/CVE-2020-0814.json +++ b/2020/0xxx/CVE-2020-0814.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0814", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0842, CVE-2020-0843." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0814" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0814", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0814" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0815.json b/2020/0xxx/CVE-2020-0815.json index e84d19be120..c08c5719dda 100644 --- a/2020/0xxx/CVE-2020-0815.json +++ b/2020/0xxx/CVE-2020-0815.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0815", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure DevOps Server 2019 Update 1.1", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Azure DevOps Server 2019 Update 1.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0816.json b/2020/0xxx/CVE-2020-0816.json index 261cb6348ce..17a4bb3be7b 100644 --- a/2020/0xxx/CVE-2020-0816.json +++ b/2020/0xxx/CVE-2020-0816.json @@ -1,240 +1,242 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0816", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \u0027Microsoft Edge Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0819.json b/2020/0xxx/CVE-2020-0819.json index e019d0aae04..facc11e7c4c 100644 --- a/2020/0xxx/CVE-2020-0819.json +++ b/2020/0xxx/CVE-2020-0819.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0819", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka \u0027Windows Device Setup Manager Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka 'Windows Device Setup Manager Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0819" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0819", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0819" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0820.json b/2020/0xxx/CVE-2020-0820.json index 7a815838cb1..0f9bd89527c 100644 --- a/2020/0xxx/CVE-2020-0820.json +++ b/2020/0xxx/CVE-2020-0820.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0820", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0820" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0820", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0820" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0822.json b/2020/0xxx/CVE-2020-0822.json index 80abaf32bfe..a847164eb2e 100644 --- a/2020/0xxx/CVE-2020-0822.json +++ b/2020/0xxx/CVE-2020-0822.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0822", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka \u0027Windows Language Pack Installer Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0823.json b/2020/0xxx/CVE-2020-0823.json index fc45be2a4f7..c3989a81b72 100644 --- a/2020/0xxx/CVE-2020-0823.json +++ b/2020/0xxx/CVE-2020-0823.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0823", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0824.json b/2020/0xxx/CVE-2020-0824.json index db8258f6eed..6641e1bfe7c 100644 --- a/2020/0xxx/CVE-2020-0824.json +++ b/2020/0xxx/CVE-2020-0824.json @@ -1,193 +1,195 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0824", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0825.json b/2020/0xxx/CVE-2020-0825.json index cb4673f7840..56ad89aec3a 100644 --- a/2020/0xxx/CVE-2020-0825.json +++ b/2020/0xxx/CVE-2020-0825.json @@ -1,160 +1,162 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0825", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0826.json b/2020/0xxx/CVE-2020-0826.json index 3a5e05975ac..ca91433427c 100644 --- a/2020/0xxx/CVE-2020-0826.json +++ b/2020/0xxx/CVE-2020-0826.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0826", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0827.json b/2020/0xxx/CVE-2020-0827.json index fb69dc719af..1d6f98e98e5 100644 --- a/2020/0xxx/CVE-2020-0827.json +++ b/2020/0xxx/CVE-2020-0827.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0827", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0828.json b/2020/0xxx/CVE-2020-0828.json index bcdf0cfc619..e2d087d55ca 100644 --- a/2020/0xxx/CVE-2020-0828.json +++ b/2020/0xxx/CVE-2020-0828.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0828", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0829.json b/2020/0xxx/CVE-2020-0829.json index 68780648553..0b83e646591 100644 --- a/2020/0xxx/CVE-2020-0829.json +++ b/2020/0xxx/CVE-2020-0829.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0829", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0830.json b/2020/0xxx/CVE-2020-0830.json index 6d5a0ff243d..4d031fa80f7 100644 --- a/2020/0xxx/CVE-2020-0830.json +++ b/2020/0xxx/CVE-2020-0830.json @@ -1,413 +1,415 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0830", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0831.json b/2020/0xxx/CVE-2020-0831.json index 9eb599cd7ab..d2fb1bcade9 100644 --- a/2020/0xxx/CVE-2020-0831.json +++ b/2020/0xxx/CVE-2020-0831.json @@ -1,270 +1,272 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0831", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0832.json b/2020/0xxx/CVE-2020-0832.json index 82a41a54e6d..7fe2a1d93e9 100644 --- a/2020/0xxx/CVE-2020-0832.json +++ b/2020/0xxx/CVE-2020-0832.json @@ -1,206 +1,208 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0832", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 9", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0832" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0832", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0832" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0833.json b/2020/0xxx/CVE-2020-0833.json index de1eafa3e6e..903cf249d64 100644 --- a/2020/0xxx/CVE-2020-0833.json +++ b/2020/0xxx/CVE-2020-0833.json @@ -1,193 +1,195 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0833", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0834.json b/2020/0xxx/CVE-2020-0834.json index 5c42c594815..76738c5967d 100644 --- a/2020/0xxx/CVE-2020-0834.json +++ b/2020/0xxx/CVE-2020-0834.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0834", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka \u0027Windows ALPC Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0834" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0834", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0834" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0840.json b/2020/0xxx/CVE-2020-0840.json index 041a56b2e53..6c9d629a2f0 100644 --- a/2020/0xxx/CVE-2020-0840.json +++ b/2020/0xxx/CVE-2020-0840.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0840", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0841, CVE-2020-0849, CVE-2020-0896." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0840" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0840", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0840" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0841.json b/2020/0xxx/CVE-2020-0841.json index 5a600fba137..1c9c44eed4d 100644 --- a/2020/0xxx/CVE-2020-0841.json +++ b/2020/0xxx/CVE-2020-0841.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0841", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0849, CVE-2020-0896." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0841" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0841", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0841" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0842.json b/2020/0xxx/CVE-2020-0842.json index 8ecae15b8e0..41332bbd4da 100644 --- a/2020/0xxx/CVE-2020-0842.json +++ b/2020/0xxx/CVE-2020-0842.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0842", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0843." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0842" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0842", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0842" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0843.json b/2020/0xxx/CVE-2020-0843.json index 0c628d8a129..e3646fae8b5 100644 --- a/2020/0xxx/CVE-2020-0843.json +++ b/2020/0xxx/CVE-2020-0843.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0843", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka \u0027Windows Installer Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0779, CVE-2020-0798, CVE-2020-0814, CVE-2020-0842." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0843" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0843", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0843" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0844.json b/2020/0xxx/CVE-2020-0844.json index f43ae32d06f..7b1ecb0f379 100644 --- a/2020/0xxx/CVE-2020-0844.json +++ b/2020/0xxx/CVE-2020-0844.json @@ -1,228 +1,230 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0844", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka \u0027Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0844" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0844", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0844" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0845.json b/2020/0xxx/CVE-2020-0845.json index fbd6af835bd..c1fdafdab92 100644 --- a/2020/0xxx/CVE-2020-0845.json +++ b/2020/0xxx/CVE-2020-0845.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0845", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \u0027Windows Network Connections Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0778, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0845" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0845", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0845" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0847.json b/2020/0xxx/CVE-2020-0847.json index 292bfcb4cd7..27adeaa1050 100644 --- a/2020/0xxx/CVE-2020-0847.json +++ b/2020/0xxx/CVE-2020-0847.json @@ -1,206 +1,208 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0847", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Explorer 9", - "version": { - "version_data": [ - { - "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Internet Explorer 11", - "version": { - "version_data": [ - { - "version_value": "Windows 10 Version 1803 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1803 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1809 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "Windows Server 2019" - }, - { - "version_value": "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "Windows 10 for 32-bit Systems" - }, - { - "version_value": "Windows 10 for x64-based Systems" - }, - { - "version_value": "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value": "Windows Server 2016" - }, - { - "version_value": "Windows 7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "Windows 7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows 8.1 for 32-bit systems" - }, - { - "version_value": "Windows 8.1 for x64-based systems" - }, - { - "version_value": "Windows RT 8.1" - }, - { - "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "Windows Server 2012 R2" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Internet Explorer 11 on Windows Server 2012", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \u0027VBScript Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0847" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0847", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0847" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0848.json b/2020/0xxx/CVE-2020-0848.json index 91874984694..905d083053f 100644 --- a/2020/0xxx/CVE-2020-0848.json +++ b/2020/0xxx/CVE-2020-0848.json @@ -1,250 +1,252 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0848", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "ChakraCore", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0849.json b/2020/0xxx/CVE-2020-0849.json index 960bfff18c1..86153e52725 100644 --- a/2020/0xxx/CVE-2020-0849.json +++ b/2020/0xxx/CVE-2020-0849.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0849", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0896." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0849" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0849", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0849" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0850.json b/2020/0xxx/CVE-2020-0850.json index 39e04b59a24..0ab524a874f 100644 --- a/2020/0xxx/CVE-2020-0850.json +++ b/2020/0xxx/CVE-2020-0850.json @@ -1,147 +1,149 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0850", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] }, - { - "version_value": "2013 Service Pack 1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - } - ] - } - }, - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" - }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - } - ] - } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Office Online Server", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Word", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Foundation", - "version": { - "version_data": [ - { - "version_value": "2013 Service Pack 1" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0851.json b/2020/0xxx/CVE-2020-0851.json index ea16a2ad66a..0f8f17c3aa9 100644 --- a/2020/0xxx/CVE-2020-0851.json +++ b/2020/0xxx/CVE-2020-0851.json @@ -1,76 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0851", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for Mac" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0851" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0851", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0851" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0852.json b/2020/0xxx/CVE-2020-0852.json index 17257a5ff02..b5416a41c9e 100644 --- a/2020/0xxx/CVE-2020-0852.json +++ b/2020/0xxx/CVE-2020-0852.json @@ -1,86 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0852", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - } - ] - } - }, - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2016 for Mac" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Office Online Server", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0853.json b/2020/0xxx/CVE-2020-0853.json index b1da7792a4c..5bc5815b53e 100644 --- a/2020/0xxx/CVE-2020-0853.json +++ b/2020/0xxx/CVE-2020-0853.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0853", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka \u0027Windows Imaging Component Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0853" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0853", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0853" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0854.json b/2020/0xxx/CVE-2020-0854.json index 73da9665398..559e8282f6f 100644 --- a/2020/0xxx/CVE-2020-0854.json +++ b/2020/0xxx/CVE-2020-0854.json @@ -1,159 +1,161 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0854", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka \u0027Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0854" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0854", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0854" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0855.json b/2020/0xxx/CVE-2020-0855.json index db64fe7b8a2..6a36e3d902f 100644 --- a/2020/0xxx/CVE-2020-0855.json +++ b/2020/0xxx/CVE-2020-0855.json @@ -1,73 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0855", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for Mac" - } - ] - } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] }, - { - "version_value": "64-bit Systems" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0892." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0892." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0855" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0855", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0855" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0857.json b/2020/0xxx/CVE-2020-0857.json index 8ed39962ac0..1d0f8c5e1ef 100644 --- a/2020/0xxx/CVE-2020-0857.json +++ b/2020/0xxx/CVE-2020-0857.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0857", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka \u0027Windows Search Indexer Elevation of Privilege Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0857" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0857", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0857" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0858.json b/2020/0xxx/CVE-2020-0858.json index 3afd8b38a2e..abe06578616 100644 --- a/2020/0xxx/CVE-2020-0858.json +++ b/2020/0xxx/CVE-2020-0858.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0858", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the \u0026quot;Public Account Pictures\u0026quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0776." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0776." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0858" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0858", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0858" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0859.json b/2020/0xxx/CVE-2020-0859.json index a4f83dea904..aca495ee631 100644 --- a/2020/0xxx/CVE-2020-0859.json +++ b/2020/0xxx/CVE-2020-0859.json @@ -1,219 +1,221 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0859", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka \u0027Windows Modules Installer Service Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0859" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0859", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0859" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0860.json b/2020/0xxx/CVE-2020-0860.json index ee9e03c9815..30da8c9db4c 100644 --- a/2020/0xxx/CVE-2020-0860.json +++ b/2020/0xxx/CVE-2020-0860.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0860", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows ActiveX Installer Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0770, CVE-2020-0773." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0860" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0860", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0860" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0861.json b/2020/0xxx/CVE-2020-0861.json index 5d417c8b322..657e2b44879 100644 --- a/2020/0xxx/CVE-2020-0861.json +++ b/2020/0xxx/CVE-2020-0861.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0861", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0861" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0861", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0861" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0863.json b/2020/0xxx/CVE-2020-0863.json index 82651c8c331..97ee4c24238 100644 --- a/2020/0xxx/CVE-2020-0863.json +++ b/2020/0xxx/CVE-2020-0863.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0863", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka \u0027Connected User Experiences and Telemetry Service Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0863" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0863", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0863" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0864.json b/2020/0xxx/CVE-2020-0864.json index 29950d40df2..fa074e1ed5c 100644 --- a/2020/0xxx/CVE-2020-0864.json +++ b/2020/0xxx/CVE-2020-0864.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0864", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0864" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0864", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0864" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0865.json b/2020/0xxx/CVE-2020-0865.json index ba4b6627c47..590be51f4ec 100644 --- a/2020/0xxx/CVE-2020-0865.json +++ b/2020/0xxx/CVE-2020-0865.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0865", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0865" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0865", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0865" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0866.json b/2020/0xxx/CVE-2020-0866.json index 2a5274872c6..df44da0e720 100644 --- a/2020/0xxx/CVE-2020-0866.json +++ b/2020/0xxx/CVE-2020-0866.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0866", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0897." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0866" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0866", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0866" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0867.json b/2020/0xxx/CVE-2020-0867.json index be4a836ccb2..7d01063e05f 100644 --- a/2020/0xxx/CVE-2020-0867.json +++ b/2020/0xxx/CVE-2020-0867.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0867", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka \u0027Windows Update Orchestrator Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0868." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0867" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0867", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0867" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0868.json b/2020/0xxx/CVE-2020-0868.json index 2eab39debb0..7556046ca9b 100644 --- a/2020/0xxx/CVE-2020-0868.json +++ b/2020/0xxx/CVE-2020-0868.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0868", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka \u0027Windows Update Orchestrator Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0867." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0868" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0868", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0868" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0869.json b/2020/0xxx/CVE-2020-0869.json index fe266413b98..6437c291ea0 100644 --- a/2020/0xxx/CVE-2020-0869.json +++ b/2020/0xxx/CVE-2020-0869.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0869", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \u0027Media Foundation Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0871.json b/2020/0xxx/CVE-2020-0871.json index 36d0e2cfc72..7b8d983f9c1 100644 --- a/2020/0xxx/CVE-2020-0871.json +++ b/2020/0xxx/CVE-2020-0871.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0871", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka \u0027Windows Network Connections Service Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0871" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0871", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0871" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0872.json b/2020/0xxx/CVE-2020-0872.json index c7821e7a783..e5ca7d1bffe 100644 --- a/2020/0xxx/CVE-2020-0872.json +++ b/2020/0xxx/CVE-2020-0872.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0872", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Application Inspector", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Inspector", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka \u0027Remote Code Execution Vulnerability in Application Inspector\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0872" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0872", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0872" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0874.json b/2020/0xxx/CVE-2020-0874.json index 1fc0c12fe8a..cd49db5325c 100644 --- a/2020/0xxx/CVE-2020-0874.json +++ b/2020/0xxx/CVE-2020-0874.json @@ -1,173 +1,175 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0874", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0874" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0874", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0874" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6208.json b/2020/6xxx/CVE-2020-6208.json index 2f06c2afb04..1ba111fbc7c 100644 --- a/2020/6xxx/CVE-2020-6208.json +++ b/2020/6xxx/CVE-2020-6208.json @@ -73,6 +73,11 @@ "url": "https://launchpad.support.sap.com/#/notes/2861301", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/2861301" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/" } ] } diff --git a/2020/9xxx/CVE-2020-9530.json b/2020/9xxx/CVE-2020-9530.json index 8920bf7a239..dba3681bab9 100644 --- a/2020/9xxx/CVE-2020-9530.json +++ b/2020/9xxx/CVE-2020-9530.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://sec.xiaomi.com/post/180", "url": "https://sec.xiaomi.com/post/180" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-289/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-289/" } ] } diff --git a/2020/9xxx/CVE-2020-9531.json b/2020/9xxx/CVE-2020-9531.json index 5f1315a038f..17480c6642b 100644 --- a/2020/9xxx/CVE-2020-9531.json +++ b/2020/9xxx/CVE-2020-9531.json @@ -56,6 +56,16 @@ "refsource": "MISC", "name": "https://sec.xiaomi.com/post/180", "url": "https://sec.xiaomi.com/post/180" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-287/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-287/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-288/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-288/" } ] } From 2fa0bee5d2ecd9c73146a14fa5cf979c834ad1de Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 16:01:42 +0000 Subject: [PATCH 067/144] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0876.json | 252 +++++++++--------- 2020/0xxx/CVE-2020-0877.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0879.json | 416 ++++++++++++++--------------- 2020/0xxx/CVE-2020-0880.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0881.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0882.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0883.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0884.json | 152 +++++------ 2020/0xxx/CVE-2020-0885.json | 458 ++++++++++++++++---------------- 2020/0xxx/CVE-2020-0887.json | 488 ++++++++++++++++++----------------- 2020/0xxx/CVE-2020-0891.json | 156 +++++------ 2020/0xxx/CVE-2020-0892.json | 336 ++++++++++++------------ 2020/0xxx/CVE-2020-0893.json | 136 +++++----- 2020/0xxx/CVE-2020-0894.json | 156 +++++------ 2020/0xxx/CVE-2020-0896.json | 386 +++++++++++++-------------- 2020/0xxx/CVE-2020-0897.json | 416 ++++++++++++++--------------- 2020/0xxx/CVE-2020-0898.json | 142 +++++----- 2020/0xxx/CVE-2020-0902.json | 112 ++++---- 2020/0xxx/CVE-2020-0903.json | 172 ++++++------ 2020/0xxx/CVE-2020-0905.json | 252 +++++++++--------- 20 files changed, 3255 insertions(+), 3215 deletions(-) diff --git a/2020/0xxx/CVE-2020-0876.json b/2020/0xxx/CVE-2020-0876.json index 527a216626d..dedb1cff6a8 100644 --- a/2020/0xxx/CVE-2020-0876.json +++ b/2020/0xxx/CVE-2020-0876.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0876", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka \u0027Win32k Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0876" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0876", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0876" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0877.json b/2020/0xxx/CVE-2020-0877.json index 2110494abf6..f8cba88c60e 100644 --- a/2020/0xxx/CVE-2020-0877.json +++ b/2020/0xxx/CVE-2020-0877.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0877", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0887." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0877" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0879.json b/2020/0xxx/CVE-2020-0879.json index a23eb016a15..335df7d3241 100644 --- a/2020/0xxx/CVE-2020-0879.json +++ b/2020/0xxx/CVE-2020-0879.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0879", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1809 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0879" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0879", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0879" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0880.json b/2020/0xxx/CVE-2020-0880.json index 6998e2faed1..78fdad519e0 100644 --- a/2020/0xxx/CVE-2020-0880.json +++ b/2020/0xxx/CVE-2020-0880.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0880", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0880" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0880", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0880" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0881.json b/2020/0xxx/CVE-2020-0881.json index a2975be0f8c..32d26c6f986 100644 --- a/2020/0xxx/CVE-2020-0881.json +++ b/2020/0xxx/CVE-2020-0881.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0881", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0883." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0882.json b/2020/0xxx/CVE-2020-0882.json index 7b46bb8db70..abcb4142e72 100644 --- a/2020/0xxx/CVE-2020-0882.json +++ b/2020/0xxx/CVE-2020-0882.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0882", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0882" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0882", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0882" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0883.json b/2020/0xxx/CVE-2020-0883.json index de0e654b4bb..b2318436b9e 100644 --- a/2020/0xxx/CVE-2020-0883.json +++ b/2020/0xxx/CVE-2020-0883.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0883", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0881." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0884.json b/2020/0xxx/CVE-2020-0884.json index 56b98d663b7..28599777b66 100644 --- a/2020/0xxx/CVE-2020-0884.json +++ b/2020/0xxx/CVE-2020-0884.json @@ -1,80 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0884", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Visual Studio 2019", - "version": { - "version_data": [ - { - "version_value": "16.0" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka \u0027Microsoft Visual Studio Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0884" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0885.json b/2020/0xxx/CVE-2020-0885.json index 4e0085283f6..9c9ed9ebd0d 100644 --- a/2020/0xxx/CVE-2020-0885.json +++ b/2020/0xxx/CVE-2020-0885.json @@ -1,234 +1,236 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0885", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \u0027Windows Graphics Component Information Disclosure Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0885" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0885", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0885" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0887.json b/2020/0xxx/CVE-2020-0887.json index 48c4d80dbe8..9ebb9eb99d2 100644 --- a/2020/0xxx/CVE-2020-0887.json +++ b/2020/0xxx/CVE-2020-0887.json @@ -1,249 +1,251 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0887", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "7 for 32-bit Systems Service Pack 1" - }, - { - "version_value": "7 for x64-based Systems Service Pack 1" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 for Itanium-Based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2" - }, - { - "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" - }, - { - "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1" - }, - { - "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" - }, - { - "version_value": "2012" - }, - { - "version_value": "2012 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0788, CVE-2020-0877." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0887" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0887", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0887" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0891.json b/2020/0xxx/CVE-2020-0891.json index 54b4f4d90d3..184fb79b1de 100644 --- a/2020/0xxx/CVE-2020-0891.json +++ b/2020/0xxx/CVE-2020-0891.json @@ -1,83 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0891", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Foundation", - "version": { - "version_data": [ - { - "version_value": "2010 Service Pack 2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] }, - { - "version_value": "2013 Service Pack 1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka \u0027Microsoft SharePoint Reflective XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0795." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0892.json b/2020/0xxx/CVE-2020-0892.json index 25d6f489628..3d791a0c306 100644 --- a/2020/0xxx/CVE-2020-0892.json +++ b/2020/0xxx/CVE-2020-0892.json @@ -1,172 +1,174 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0892", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Foundation", - "version": { - "version_data": [ - { - "version_value": "2013 Service Pack 1" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2010 Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Word", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Microsoft Office Web Apps", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" - }, - { - "version_value": "2013 Service Pack 1" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - }, - { - "version_value": "2010 Service Pack 2" - } - ] - } - }, - { - "product_name": "Microsoft Office", - "version": { - "version_data": [ - { - "version_value": "2019 for 32-bit editions" - }, - { - "version_value": "2019 for 64-bit editions" - }, - { - "version_value": "2019 for Mac" - }, - { - "version_value": "2016 for Mac" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - } - ] - } - }, - { - "product_name": "Office 365 ProPlus", - "version": { - "version_data": [ - { - "version_value": "32-bit Systems" - }, - { - "version_value": "64-bit Systems" - } - ] - } - }, - { - "product_name": "Microsoft Office Online Server", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Word", - "version": { - "version_data": [ - { - "version_value": "2016 (32-bit edition)" - }, - { - "version_value": "2016 (64-bit edition)" - }, - { - "version_value": "2010 Service Pack 2 (32-bit editions)" - }, - { - "version_value": "2010 Service Pack 2 (64-bit editions)" - }, - { - "version_value": "2013 RT Service Pack 1" - }, - { - "version_value": "2013 Service Pack 1 (32-bit editions)" - }, - { - "version_value": "2013 Service Pack 1 (64-bit editions)" - } - ] - } - }, - { - "product_name": "Microsoft Office Web Apps", - "version": { - "version_data": [ - { - "version_value": "2010 Service Pack 2" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0893.json b/2020/0xxx/CVE-2020-0893.json index 8f300889d3e..b8adf6f61f2 100644 --- a/2020/0xxx/CVE-2020-0893.json +++ b/2020/0xxx/CVE-2020-0893.json @@ -1,73 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0893", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + } + ] }, - { - "version_value": "2013 Service Pack 1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0894." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0894." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0893" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0893", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0893" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0894.json b/2020/0xxx/CVE-2020-0894.json index 84f6b43b6f6..f72b32b2220 100644 --- a/2020/0xxx/CVE-2020-0894.json +++ b/2020/0xxx/CVE-2020-0894.json @@ -1,83 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0894", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft SharePoint Enterprise Server", - "version": { - "version_data": [ - { - "version_value": "2016" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Server", - "version": { - "version_data": [ - { - "version_value": "2019" - } - ] - } - }, - { - "product_name": "Microsoft SharePoint Foundation", - "version": { - "version_data": [ - { - "version_value": "2010 Service Pack 2" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server", + "version": { + "version_data": [ + { + "version_value": "2019" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Foundation", + "version": { + "version_data": [ + { + "version_value": "2010 Service Pack 2" + }, + { + "version_value": "2013 Service Pack 1" + } + ] + } + } + ] }, - { - "version_value": "2013 Service Pack 1" - } - ] + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0893." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0896.json b/2020/0xxx/CVE-2020-0896.json index b5e907d35c1..dfd48e5a8d9 100644 --- a/2020/0xxx/CVE-2020-0896.json +++ b/2020/0xxx/CVE-2020-0896.json @@ -1,198 +1,200 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0896", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka \u0027Windows Hard Link Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0840, CVE-2020-0841, CVE-2020-0849." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0896" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0896", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0896" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0897.json b/2020/0xxx/CVE-2020-0897.json index 6cfc2734d2b..dec1bdb9fc2 100644 --- a/2020/0xxx/CVE-2020-0897.json +++ b/2020/0xxx/CVE-2020-0897.json @@ -1,213 +1,215 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0897", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1803 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1803 for x64-based Systems" - }, - { - "version_value": "10 Version 1803 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1809 for 32-bit Systems" - }, - { - "version_value": "10 Version 1809 for x64-based Systems" - }, - { - "version_value": "10 Version 1809 for ARM64-based Systems" - }, - { - "version_value": "10 Version 1709 for 32-bit Systems" - }, - { - "version_value": "10 Version 1709 for x64-based Systems" - }, - { - "version_value": "10 Version 1709 for ARM64-based Systems" - }, - { - "version_value": "10 for 32-bit Systems" - }, - { - "version_value": "10 for x64-based Systems" - }, - { - "version_value": "10 Version 1607 for 32-bit Systems" - }, - { - "version_value": "10 Version 1607 for x64-based Systems" - }, - { - "version_value": "8.1 for 32-bit systems" - }, - { - "version_value": "8.1 for x64-based systems" - }, - { - "version_value": "RT 8.1" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "version 1803 (Core Installation)" - }, - { - "version_value": "2019" - }, - { - "version_value": "2019 (Core installation)" - }, - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - }, - { - "version_value": "2012 R2" - }, - { - "version_value": "2012 R2 (Core installation)" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1903 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1903 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for 32-bit Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for x64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows 10 Version 1909 for ARM64-based Systems", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Windows Server, version 1909 (Server Core installation)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka \u0027Windows Work Folder Service Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0897" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0897", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0897" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0898.json b/2020/0xxx/CVE-2020-0898.json index add1470d602..d7166f347cf 100644 --- a/2020/0xxx/CVE-2020-0898.json +++ b/2020/0xxx/CVE-2020-0898.json @@ -1,76 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0898", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows", - "version": { - "version_data": [ - { - "version_value": "10 Version 1607 for 32-bit Systems" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] }, - { - "version_value": "10 Version 1607 for x64-based Systems" - } - ] + "vendor_name": "Microsoft" } - }, - { - "product_name": "Windows Server", - "version": { - "version_data": [ - { - "version_value": "2016" - }, - { - "version_value": "2016 (Core installation)" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka \u0027Windows Graphics Component Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0791." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0791." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0898" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0898", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0898" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0902.json b/2020/0xxx/CVE-2020-0902.json index e54f2548d22..9fe5582626c 100644 --- a/2020/0xxx/CVE-2020-0902.json +++ b/2020/0xxx/CVE-2020-0902.json @@ -1,60 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0902", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Service Fabric", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Fabric", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka \u0027Service Fabric Elevation of Privilege\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Elevation of Privilege" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0902" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0902", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0902" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0903.json b/2020/0xxx/CVE-2020-0903.json index 0679b155bb2..db98106b1ff 100644 --- a/2020/0xxx/CVE-2020-0903.json +++ b/2020/0xxx/CVE-2020-0903.json @@ -1,90 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0903", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Spoofing" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0905.json b/2020/0xxx/CVE-2020-0905.json index 7084c22622f..cbd783a39fc 100644 --- a/2020/0xxx/CVE-2020-0905.json +++ b/2020/0xxx/CVE-2020-0905.json @@ -1,130 +1,132 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2020-0905", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Dynamics NAV 2018", - "version": { - "version_data": [ - { - "version_value": "" - } - ] + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Dynamics NAV 2018", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2015", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics 365 BC On Premise", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Dynamics 365 Business Central 2019 Spring Update", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2017", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Dynamics NAV 2013", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" } - }, - { - "product_name": "Microsoft Dynamics NAV 2015", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Dynamics 365 BC On Premise", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Dynamics 365 Business Central 2019 Spring Update", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Dynamics NAV 2016", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Dynamics NAV 2017", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Dynamics NAV 2013", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } ] - }, - "vendor_name": "Microsoft" } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905" - } - ] - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905" + } + ] + } +} \ No newline at end of file From ccda830653c34073247eb45828dfeaa7205c83db Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 17:01:18 +0000 Subject: [PATCH 068/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10515.json | 18 +++++++++ 2020/9xxx/CVE-2020-9543.json | 71 +++++++++++++++++++++++++++++++--- 2 files changed, 83 insertions(+), 6 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10515.json diff --git a/2020/10xxx/CVE-2020-10515.json b/2020/10xxx/CVE-2020-10515.json new file mode 100644 index 00000000000..bfe1605942f --- /dev/null +++ b/2020/10xxx/CVE-2020-10515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9543.json b/2020/9xxx/CVE-2020-9543.json index 9fe3e5f323f..1cd6d77211e 100644 --- a/2020/9xxx/CVE-2020-9543.json +++ b/2020/9xxx/CVE-2020-9543.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9543", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9543", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/manila/+bug/1861485", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/manila/+bug/1861485" + }, + { + "refsource": "CONFIRM", + "name": "https://security.openstack.org/ossa/OSSA-2020-002.html", + "url": "https://security.openstack.org/ossa/OSSA-2020-002.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200311 [OSSA-2020-002] Manila: Unprivileged users can retrieve, use and manipulate share networks (CVE-2020-9543)", + "url": "http://www.openwall.com/lists/oss-security/2020/03/12/1" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/03/12/1", + "url": "http://www.openwall.com/lists/oss-security/2020/03/12/1" } ] } From 2e1fe7cca84b70e8718aaa6344f913d10237f002 Mon Sep 17 00:00:00 2001 From: Bill Situ Date: Thu, 12 Mar 2020 10:11:08 -0700 Subject: [PATCH 069/144] Bill Situ On branch cna/Oracle/CPU2020JanRev6 Changes to be committed: modified: 2020/2xxx/CVE-2020-2569.json modified: 2020/2xxx/CVE-2020-2592.json --- 2020/2xxx/CVE-2020-2569.json | 10 +++++++++- 2020/2xxx/CVE-2020-2592.json | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index 51ba5058846..3047b23352f 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json @@ -15,6 +15,14 @@ "product_name": "PL/SQL", "version": { "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, { "version_value": "12.2.0.1", "version_affected": "=" @@ -44,7 +52,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." } ] }, diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index ef46a73f322..b7e0a54e05b 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json @@ -16,7 +16,7 @@ "version": { "version_data": [ { - "version_value": "12.0.2", + "version_value": "21.0.2", "version_affected": "=" } ] @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } ] }, From 54ac9ee14655c70b694dfcfa62913c12cf657bb5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 18:01:17 +0000 Subject: [PATCH 070/144] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14625.json | 65 ++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14626.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0501.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0502.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0503.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0504.json | 71 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0505.json | 77 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0506.json | 71 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0507.json | 74 ++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1739.json | 5 ++- 10 files changed, 621 insertions(+), 2 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14625.json create mode 100644 2019/14xxx/CVE-2019-14626.json create mode 100644 2020/0xxx/CVE-2020-0501.json create mode 100644 2020/0xxx/CVE-2020-0502.json create mode 100644 2020/0xxx/CVE-2020-0503.json create mode 100644 2020/0xxx/CVE-2020-0504.json create mode 100644 2020/0xxx/CVE-2020-0505.json create mode 100644 2020/0xxx/CVE-2020-0506.json create mode 100644 2020/0xxx/CVE-2020-0507.json diff --git a/2019/14xxx/CVE-2019-14625.json b/2019/14xxx/CVE-2019-14625.json new file mode 100644 index 00000000000..0be143147a1 --- /dev/null +++ b/2019/14xxx/CVE-2019-14625.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14625", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) FPGA Programmable Acceleration Card N3000", + "version": { + "version_data": [ + { + "version_value": "All versions" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in on-card storage for the Intel\u00ae FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14626.json b/2019/14xxx/CVE-2019-14626.json new file mode 100644 index 00000000000..626e6804f6e --- /dev/null +++ b/2019/14xxx/CVE-2019-14626.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14626", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) FPGA Programmable Acceleration Card N3000", + "version": { + "version_data": [ + { + "version_value": "All versions" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00319.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in PCIe function for the Intel\u00ae FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0501.json b/2020/0xxx/CVE-2020-0501.json new file mode 100644 index 00000000000..2df8f01ee0a --- /dev/null +++ b/2020/0xxx/CVE-2020-0501.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0501", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.691" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0502.json b/2020/0xxx/CVE-2020-0502.json new file mode 100644 index 00000000000..b3885d74c9c --- /dev/null +++ b/2020/0xxx/CVE-2020-0502.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0502", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.6912" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0503.json b/2020/0xxx/CVE-2020-0503.json new file mode 100644 index 00000000000..cba7eec688c --- /dev/null +++ b/2020/0xxx/CVE-2020-0503.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0503", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.7212" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0504.json b/2020/0xxx/CVE-2020-0504.json new file mode 100644 index 00000000000..1556bdfa322 --- /dev/null +++ b/2020/0xxx/CVE-2020-0504.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0504", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.40.44.5107" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "26.20.100.7158" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable a denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0505.json b/2020/0xxx/CVE-2020-0505.json new file mode 100644 index 00000000000..e6f7ec9cc47 --- /dev/null +++ b/2020/0xxx/CVE-2020-0505.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0505", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.33.49.5100" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "15.40.44.5107" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "26.20.100.7212" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0506.json b/2020/0xxx/CVE-2020-0506.json new file mode 100644 index 00000000000..6cf1c93f3d6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0506.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0506", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "before versions 15.40.44.5107" + }, + { + "version_value": "15.45.29.5077" + }, + { + "version_value": "26.20.100.7000" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0507.json b/2020/0xxx/CVE-2020-0507.json new file mode 100644 index 00000000000..f7982fc369a --- /dev/null +++ b/2020/0xxx/CVE-2020-0507.json @@ -0,0 +1,74 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0507", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.33.49.5100" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "15.40.44.5107" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "26.20.100.7212 - See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1739.json b/2020/1xxx/CVE-2020-1739.json index 633769f90af..4bdcb57dbbb 100644 --- a/2020/1xxx/CVE-2020-1739.json +++ b/2020/1xxx/CVE-2020-1739.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1739", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -54,7 +55,7 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "refsource": "CONFIRM" }, - { + { "url": "https://github.com/ansible/ansible/issues/67797", "name": "https://github.com/ansible/ansible/issues/67797", "refsource": "MISC" From cb2a2405b0e5ff0621763d7c1078b9fcd4714bd1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 19:01:07 +0000 Subject: [PATCH 071/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10516.json | 18 +++++++ 2020/10xxx/CVE-2020-10517.json | 18 +++++++ 2020/10xxx/CVE-2020-10518.json | 18 +++++++ 2020/10xxx/CVE-2020-10519.json | 18 +++++++ 2020/10xxx/CVE-2020-10520.json | 18 +++++++ 2020/10xxx/CVE-2020-10521.json | 18 +++++++ 2020/10xxx/CVE-2020-10522.json | 18 +++++++ 2020/10xxx/CVE-2020-10523.json | 18 +++++++ 2020/10xxx/CVE-2020-10524.json | 18 +++++++ 2020/10xxx/CVE-2020-10525.json | 18 +++++++ 2020/10xxx/CVE-2020-10526.json | 18 +++++++ 2020/10xxx/CVE-2020-10527.json | 18 +++++++ 2020/10xxx/CVE-2020-10528.json | 18 +++++++ 2020/10xxx/CVE-2020-10529.json | 18 +++++++ 2020/10xxx/CVE-2020-10530.json | 18 +++++++ 2020/10xxx/CVE-2020-10531.json | 87 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10532.json | 67 ++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10533.json | 18 +++++++ 18 files changed, 442 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10516.json create mode 100644 2020/10xxx/CVE-2020-10517.json create mode 100644 2020/10xxx/CVE-2020-10518.json create mode 100644 2020/10xxx/CVE-2020-10519.json create mode 100644 2020/10xxx/CVE-2020-10520.json create mode 100644 2020/10xxx/CVE-2020-10521.json create mode 100644 2020/10xxx/CVE-2020-10522.json create mode 100644 2020/10xxx/CVE-2020-10523.json create mode 100644 2020/10xxx/CVE-2020-10524.json create mode 100644 2020/10xxx/CVE-2020-10525.json create mode 100644 2020/10xxx/CVE-2020-10526.json create mode 100644 2020/10xxx/CVE-2020-10527.json create mode 100644 2020/10xxx/CVE-2020-10528.json create mode 100644 2020/10xxx/CVE-2020-10529.json create mode 100644 2020/10xxx/CVE-2020-10530.json create mode 100644 2020/10xxx/CVE-2020-10531.json create mode 100644 2020/10xxx/CVE-2020-10532.json create mode 100644 2020/10xxx/CVE-2020-10533.json diff --git a/2020/10xxx/CVE-2020-10516.json b/2020/10xxx/CVE-2020-10516.json new file mode 100644 index 00000000000..522c5d91342 --- /dev/null +++ b/2020/10xxx/CVE-2020-10516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10517.json b/2020/10xxx/CVE-2020-10517.json new file mode 100644 index 00000000000..531dce016a9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10518.json b/2020/10xxx/CVE-2020-10518.json new file mode 100644 index 00000000000..11936e7fa9f --- /dev/null +++ b/2020/10xxx/CVE-2020-10518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10519.json b/2020/10xxx/CVE-2020-10519.json new file mode 100644 index 00000000000..d1a72ddf789 --- /dev/null +++ b/2020/10xxx/CVE-2020-10519.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10519", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10520.json b/2020/10xxx/CVE-2020-10520.json new file mode 100644 index 00000000000..dbbc2122be2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10521.json b/2020/10xxx/CVE-2020-10521.json new file mode 100644 index 00000000000..f97ef40d9f0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10522.json b/2020/10xxx/CVE-2020-10522.json new file mode 100644 index 00000000000..ea3db280900 --- /dev/null +++ b/2020/10xxx/CVE-2020-10522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10523.json b/2020/10xxx/CVE-2020-10523.json new file mode 100644 index 00000000000..f6ac95cf8ff --- /dev/null +++ b/2020/10xxx/CVE-2020-10523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10524.json b/2020/10xxx/CVE-2020-10524.json new file mode 100644 index 00000000000..d6d5febdac2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10525.json b/2020/10xxx/CVE-2020-10525.json new file mode 100644 index 00000000000..4e059e58f03 --- /dev/null +++ b/2020/10xxx/CVE-2020-10525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10526.json b/2020/10xxx/CVE-2020-10526.json new file mode 100644 index 00000000000..f76daa549a7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10527.json b/2020/10xxx/CVE-2020-10527.json new file mode 100644 index 00000000000..c5c850ef8f0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10528.json b/2020/10xxx/CVE-2020-10528.json new file mode 100644 index 00000000000..244ed44b378 --- /dev/null +++ b/2020/10xxx/CVE-2020-10528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10529.json b/2020/10xxx/CVE-2020-10529.json new file mode 100644 index 00000000000..5ee67387c94 --- /dev/null +++ b/2020/10xxx/CVE-2020-10529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10530.json b/2020/10xxx/CVE-2020-10530.json new file mode 100644 index 00000000000..5d25529be70 --- /dev/null +++ b/2020/10xxx/CVE-2020-10530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10531.json b/2020/10xxx/CVE-2020-10531.json new file mode 100644 index 00000000000..96544378768 --- /dev/null +++ b/2020/10xxx/CVE-2020-10531.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" + }, + { + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1044570", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=1044570" + }, + { + "url": "https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08", + "refsource": "MISC", + "name": "https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08" + }, + { + "url": "https://unicode-org.atlassian.net/browse/ICU-20958", + "refsource": "MISC", + "name": "https://unicode-org.atlassian.net/browse/ICU-20958" + }, + { + "url": "https://github.com/unicode-org/icu/pull/971", + "refsource": "MISC", + "name": "https://github.com/unicode-org/icu/pull/971" + }, + { + "url": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca", + "refsource": "MISC", + "name": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10532.json b/2020/10xxx/CVE-2020-10532.json new file mode 100644 index 00000000000..c3bfb0b53fd --- /dev/null +++ b/2020/10xxx/CVE-2020-10532.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html", + "refsource": "MISC", + "name": "https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html" + }, + { + "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component", + "refsource": "MISC", + "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-001/-credential-disclosure-in-watchguard-fireware-ad-helper-component" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10533.json b/2020/10xxx/CVE-2020-10533.json new file mode 100644 index 00000000000..79a21fd571f --- /dev/null +++ b/2020/10xxx/CVE-2020-10533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 4b040d7546afee9fffc8e7fc1e80006546327c35 Mon Sep 17 00:00:00 2001 From: PSIRT-NVIDIA Date: Thu, 12 Mar 2020 14:53:08 -0500 Subject: [PATCH 072/144] NVIDIA CVE assignments for GPU Display Driver - February 2020 --- 2020/5xxx/CVE-2020-5959.json | 76 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5960.json | 76 ++++++++++++++++++++++++++++-------- 2020/5xxx/CVE-2020-5961.json | 76 ++++++++++++++++++++++++++++-------- 3 files changed, 177 insertions(+), 51 deletions(-) diff --git a/2020/5xxx/CVE-2020-5959.json b/2020/5xxx/CVE-2020-5959.json index b7a723a8454..de1e2693157 100644 --- a/2020/5xxx/CVE-2020-5959.json +++ b/2020/5xxx/CVE-2020-5959.json @@ -1,18 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "psirt@nvidia.com", + "ID" : "CVE-2020-5959", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA GPU Display Driver ", + "version" : { + "version_data" : [ + { + "version_value" : "ALL" + } + ] + } + } + ] + }, + "vendor_name" : "NVIDIA" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service. " + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5960.json b/2020/5xxx/CVE-2020-5960.json index 2bc2f4f908f..6b54ac3190d 100644 --- a/2020/5xxx/CVE-2020-5960.json +++ b/2020/5xxx/CVE-2020-5960.json @@ -1,18 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "psirt@nvidia.com", + "ID" : "CVE-2020-5960", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA GPU Display Driver ", + "version" : { + "version_data" : [ + { + "version_value" : "ALL" + } + ] + } + } + ] + }, + "vendor_name" : "NVIDIA" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} diff --git a/2020/5xxx/CVE-2020-5961.json b/2020/5xxx/CVE-2020-5961.json index c362be38223..e59da3520c5 100644 --- a/2020/5xxx/CVE-2020-5961.json +++ b/2020/5xxx/CVE-2020-5961.json @@ -1,18 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "psirt@nvidia.com", + "ID" : "CVE-2020-5961", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NVIDIA GPU Display Driver ", + "version" : { + "version_data" : [ + { + "version_value" : "ALL" + } + ] + } + } + ] + }, + "vendor_name" : "NVIDIA" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "denial of service" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} From 9be2474bcb2de7d63bb1dc815a400c4af978edb7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 20:01:20 +0000 Subject: [PATCH 073/144] "-Synchronized-Data." --- 2019/0xxx/CVE-2019-0205.json | 20 +++++++++ 2019/0xxx/CVE-2019-0210.json | 20 +++++++++ 2019/10xxx/CVE-2019-10086.json | 20 +++++++++ 2019/12xxx/CVE-2019-12400.json | 20 +++++++++ 2019/20xxx/CVE-2019-20444.json | 20 +++++++++ 2019/20xxx/CVE-2019-20445.json | 20 +++++++++ 2020/0xxx/CVE-2020-0508.json | 77 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0511.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0514.json | 68 ++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0515.json | 77 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0516.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0517.json | 65 ++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0519.json | 68 ++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0520.json | 74 ++++++++++++++++++++++++++++++++ 2020/7xxx/CVE-2020-7238.json | 20 +++++++++ 15 files changed, 699 insertions(+) create mode 100644 2020/0xxx/CVE-2020-0508.json create mode 100644 2020/0xxx/CVE-2020-0511.json create mode 100644 2020/0xxx/CVE-2020-0514.json create mode 100644 2020/0xxx/CVE-2020-0515.json create mode 100644 2020/0xxx/CVE-2020-0516.json create mode 100644 2020/0xxx/CVE-2020-0517.json create mode 100644 2020/0xxx/CVE-2020-0519.json create mode 100644 2020/0xxx/CVE-2020-0520.json diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 09a1a94b91f..f246c0ae744 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json @@ -143,6 +143,26 @@ "refsource": "MLIST", "name": "[thrift-commits] 20200208 [thrift] 01/01: THRIFT-5075: Backport changes for CVE-2019-0205 to 0.9.3.1 branch", "url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] }, diff --git a/2019/0xxx/CVE-2019-0210.json b/2019/0xxx/CVE-2019-0210.json index 5e1b90d8f19..56a854cdf17 100644 --- a/2019/0xxx/CVE-2019-0210.json +++ b/2019/0xxx/CVE-2019-0210.json @@ -48,6 +48,26 @@ "refsource": "CONFIRM", "name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E", "url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] }, diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 3065e783fb1..1fe31ff6338 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -148,6 +148,26 @@ "refsource": "REDHAT", "name": "RHSA-2020:0194", "url": "https://access.redhat.com/errata/RHSA-2020:0194" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] }, diff --git a/2019/12xxx/CVE-2019-12400.json b/2019/12xxx/CVE-2019-12400.json index 269071d82eb..7acd93955f0 100644 --- a/2019/12xxx/CVE-2019-12400.json +++ b/2019/12xxx/CVE-2019-12400.json @@ -66,6 +66,26 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190910-0003/", "url": "https://security.netapp.com/advisory/ntap-20190910-0003/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] }, diff --git a/2019/20xxx/CVE-2019-20444.json b/2019/20xxx/CVE-2019-20444.json index b3836ee78a8..0ca010ceec7 100644 --- a/2019/20xxx/CVE-2019-20444.json +++ b/2019/20xxx/CVE-2019-20444.json @@ -271,6 +271,26 @@ "refsource": "MLIST", "name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] } diff --git a/2019/20xxx/CVE-2019-20445.json b/2019/20xxx/CVE-2019-20445.json index e8445711593..b6d6283b899 100644 --- a/2019/20xxx/CVE-2019-20445.json +++ b/2019/20xxx/CVE-2019-20445.json @@ -201,6 +201,26 @@ "refsource": "MLIST", "name": "[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final", "url": "https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d@%3Creviews.spark.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] } diff --git a/2020/0xxx/CVE-2020-0508.json b/2020/0xxx/CVE-2020-0508.json new file mode 100644 index 00000000000..a66b50b4c1b --- /dev/null +++ b/2020/0xxx/CVE-2020-0508.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0508", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.33.49.5100" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "15.40.44.5107" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "and 26.20.100.7212" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0511.json b/2020/0xxx/CVE-2020-0511.json new file mode 100644 index 00000000000..87e50ac626c --- /dev/null +++ b/2020/0xxx/CVE-2020-0511.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0511", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 15.40.44.5107" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0514.json b/2020/0xxx/CVE-2020-0514.json new file mode 100644 index 00000000000..b3efaaa00a0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0514.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0514", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 26.20.100.7463" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0515.json b/2020/0xxx/CVE-2020-0515.json new file mode 100644 index 00000000000..d05a00ef372 --- /dev/null +++ b/2020/0xxx/CVE-2020-0515.json @@ -0,0 +1,77 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0515", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 26.20.100.7584" + }, + { + "version_value": "15.45.30.5103" + }, + { + "version_value": "15.40.44.5107" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "15.33.49.5100" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0516.json b/2020/0xxx/CVE-2020-0516.json new file mode 100644 index 00000000000..81890ec0c4e --- /dev/null +++ b/2020/0xxx/CVE-2020-0516.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0516", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.7463" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0517.json b/2020/0xxx/CVE-2020-0517.json new file mode 100644 index 00000000000..7b5773e23cb --- /dev/null +++ b/2020/0xxx/CVE-2020-0517.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0517", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 15.36.38.5117" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0519.json b/2020/0xxx/CVE-2020-0519.json new file mode 100644 index 00000000000..7d7e6b4dc4d --- /dev/null +++ b/2020/0xxx/CVE-2020-0519.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0519", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.33.49.5100" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0520.json b/2020/0xxx/CVE-2020-0520.json new file mode 100644 index 00000000000..294a4bb9195 --- /dev/null +++ b/2020/0xxx/CVE-2020-0520.json @@ -0,0 +1,74 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0520", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before versions 15.45.30.5103" + }, + { + "version_value": "15.40.44.5107" + }, + { + "version_value": "15.36.38.5117" + }, + { + "version_value": "15.33.49.5100" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json index 787bdeec3f3..33dd42856f6 100644 --- a/2020/7xxx/CVE-2020-7238.json +++ b/2020/7xxx/CVE-2020-7238.json @@ -96,6 +96,26 @@ "refsource": "REDHAT", "name": "RHSA-2020:0567", "url": "https://access.redhat.com/errata/RHSA-2020:0567" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0806", + "url": "https://access.redhat.com/errata/RHSA-2020:0806" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0811", + "url": "https://access.redhat.com/errata/RHSA-2020:0811" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0804", + "url": "https://access.redhat.com/errata/RHSA-2020:0804" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0805", + "url": "https://access.redhat.com/errata/RHSA-2020:0805" } ] } From fbf59f2d8c719bae74b20e70da287831af04d3b8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 21:01:11 +0000 Subject: [PATCH 074/144] "-Synchronized-Data." --- 2015/3xxx/CVE-2015-3641.json | 48 ++++++++++++- 2016/6xxx/CVE-2016-6814.json | 5 ++ 2017/18xxx/CVE-2017-18350.json | 53 ++++++++++++++- 2018/10xxx/CVE-2018-10704.json | 53 ++++++++++++++- 2018/19xxx/CVE-2018-19516.json | 48 ++++++++++++- 2018/20xxx/CVE-2018-20586.json | 48 ++++++++++++- 2019/11xxx/CVE-2019-11343.json | 61 +++++++++++++++-- 2019/11xxx/CVE-2019-11355.json | 56 +++++++++++++-- 2019/11xxx/CVE-2019-11745.json | 5 ++ 2019/17xxx/CVE-2019-17005.json | 5 ++ 2019/17xxx/CVE-2019-17008.json | 5 ++ 2019/17xxx/CVE-2019-17010.json | 5 ++ 2019/17xxx/CVE-2019-17011.json | 5 ++ 2019/17xxx/CVE-2019-17012.json | 5 ++ 2019/17xxx/CVE-2019-17016.json | 5 ++ 2019/17xxx/CVE-2019-17017.json | 5 ++ 2019/17xxx/CVE-2019-17022.json | 5 ++ 2019/17xxx/CVE-2019-17024.json | 5 ++ 2019/17xxx/CVE-2019-17026.json | 5 ++ 2019/20xxx/CVE-2019-20503.json | 5 ++ 2020/0xxx/CVE-2020-0526.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0530.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0546.json | 65 ++++++++++++++++++ 2020/0xxx/CVE-2020-0556.json | 62 +++++++++++++++++ 2020/0xxx/CVE-2020-0565.json | 65 ++++++++++++++++++ 2020/0xxx/CVE-2020-0567.json | 65 ++++++++++++++++++ 2020/0xxx/CVE-2020-0574.json | 65 ++++++++++++++++++ 2020/10xxx/CVE-2020-10018.json | 15 +++-- 2020/5xxx/CVE-2020-5959.json | 120 +++++++++++++++++---------------- 2020/5xxx/CVE-2020-5960.json | 120 +++++++++++++++++---------------- 2020/5xxx/CVE-2020-5961.json | 120 +++++++++++++++++---------------- 2020/6xxx/CVE-2020-6796.json | 5 ++ 2020/6xxx/CVE-2020-6797.json | 5 ++ 2020/6xxx/CVE-2020-6798.json | 5 ++ 2020/6xxx/CVE-2020-6799.json | 5 ++ 2020/6xxx/CVE-2020-6800.json | 5 ++ 36 files changed, 1074 insertions(+), 204 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0526.json create mode 100644 2020/0xxx/CVE-2020-0530.json create mode 100644 2020/0xxx/CVE-2020-0546.json create mode 100644 2020/0xxx/CVE-2020-0556.json create mode 100644 2020/0xxx/CVE-2020-0565.json create mode 100644 2020/0xxx/CVE-2020-0567.json create mode 100644 2020/0xxx/CVE-2020-0574.json diff --git a/2015/3xxx/CVE-2015-3641.json b/2015/3xxx/CVE-2015-3641.json index c4fda6289cd..28211ea7331 100644 --- a/2015/3xxx/CVE-2015-3641.json +++ b/2015/3xxx/CVE-2015-3641.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3641", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an \"Easy\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", + "refsource": "MISC", + "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures" } ] } diff --git a/2016/6xxx/CVE-2016-6814.json b/2016/6xxx/CVE-2016-6814.json index 02237fdac5c..f5c00e852d3 100644 --- a/2016/6xxx/CVE-2016-6814.json +++ b/2016/6xxx/CVE-2016-6814.json @@ -122,6 +122,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-01", + "url": "https://security.gentoo.org/glsa/202003-01" } ] } diff --git a/2017/18xxx/CVE-2017-18350.json b/2017/18xxx/CVE-2017-18350.json index 56c2f01bbbb..4a5db94a610 100644 --- a/2017/18xxx/CVE-2017-18350.json +++ b/2017/18xxx/CVE-2017-18350.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18350", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", + "refsource": "MISC", + "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5", + "url": "https://medium.com/@lukedashjr/cve-2017-18350-disclosure-fe6d695f45d5" } ] } diff --git a/2018/10xxx/CVE-2018-10704.json b/2018/10xxx/CVE-2018-10704.json index 19de3cbee43..fa0bcb1d41a 100644 --- a/2018/10xxx/CVE-2018-10704.json +++ b/2018/10xxx/CVE-2018-10704.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10704", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "yidashi yii2cmf 2.0 has XSS via the /search q parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yidashi/yii2cmf", + "refsource": "MISC", + "name": "https://github.com/yidashi/yii2cmf" + }, + { + "refsource": "MISC", + "name": "http://testh5shanglv.minshengec.com:1024/phpmyadmin/doc/yii2cmf_xss.htm", + "url": "http://testh5shanglv.minshengec.com:1024/phpmyadmin/doc/yii2cmf_xss.htm" } ] } diff --git a/2018/19xxx/CVE-2018-19516.json b/2018/19xxx/CVE-2018-19516.json index 5d8f992dab6..036b3cb2ef2 100644 --- a/2018/19xxx/CVE-2018-19516.json +++ b/2018/19xxx/CVE-2018-19516.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19516", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv=\"REFRESH\" value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612", + "refsource": "MISC", + "name": "https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612" } ] } diff --git a/2018/20xxx/CVE-2018-20586.json b/2018/20xxx/CVE-2018-20586.json index c25e02680cd..3a9ee170a48 100644 --- a/2018/20xxx/CVE-2018-20586.json +++ b/2018/20xxx/CVE-2018-20586.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20586", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586", + "refsource": "MISC", + "name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586" } ] } diff --git a/2019/11xxx/CVE-2019-11343.json b/2019/11xxx/CVE-2019-11343.json index 1ccf0c04f26..bf4ae380506 100644 --- a/2019/11xxx/CVE-2019-11343.json +++ b/2019/11xxx/CVE-2019-11343.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11343", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11343", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f", + "url": "https://github.com/xjodoin/torpedoquery/commit/3c20b874fba9cc2a78b9ace10208de1602b56c3f" + }, + { + "refsource": "MISC", + "name": "https://github.com/xjodoin/torpedoquery/compare/v2.5.2...v2.5.3", + "url": "https://github.com/xjodoin/torpedoquery/compare/v2.5.2...v2.5.3" } ] } diff --git a/2019/11xxx/CVE-2019-11355.json b/2019/11xxx/CVE-2019-11355.json index 45fbfb772e8..fd83c4c5516 100644 --- a/2019/11xxx/CVE-2019-11355.json +++ b/2019/11xxx/CVE-2019-11355.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11355", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11355", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf", + "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf" } ] } diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json index 359bfbbc5da..f98037198c7 100644 --- a/2019/11xxx/CVE-2019-11745.json +++ b/2019/11xxx/CVE-2019-11745.json @@ -113,6 +113,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0466", "url": "https://access.redhat.com/errata/RHSA-2020:0466" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17005.json b/2019/17xxx/CVE-2019-17005.json index 9621202f40a..255f00431da 100644 --- a/2019/17xxx/CVE-2019-17005.json +++ b/2019/17xxx/CVE-2019-17005.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17008.json b/2019/17xxx/CVE-2019-17008.json index c1e994d5b39..489dff0c866 100644 --- a/2019/17xxx/CVE-2019-17008.json +++ b/2019/17xxx/CVE-2019-17008.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17010.json b/2019/17xxx/CVE-2019-17010.json index aafbe1fb0b0..c3cc91dcbaa 100644 --- a/2019/17xxx/CVE-2019-17010.json +++ b/2019/17xxx/CVE-2019-17010.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17011.json b/2019/17xxx/CVE-2019-17011.json index 1ed8f4cb42f..3120697b4cf 100644 --- a/2019/17xxx/CVE-2019-17011.json +++ b/2019/17xxx/CVE-2019-17011.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17012.json b/2019/17xxx/CVE-2019-17012.json index a37abff1117..2b769399e47 100644 --- a/2019/17xxx/CVE-2019-17012.json +++ b/2019/17xxx/CVE-2019-17012.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index 596505b2e9d..1d788c146a5 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 3a245ce6c09..8fdc7ecab04 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 20f34c85ee7..946c64fce79 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index 2f06cb1f9e2..9ed014c4b7e 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0295", "url": "https://access.redhat.com/errata/RHSA-2020:0295" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/17xxx/CVE-2019-17026.json b/2019/17xxx/CVE-2019-17026.json index 5a82bcef726..bc4406a7a95 100644 --- a/2019/17xxx/CVE-2019-17026.json +++ b/2019/17xxx/CVE-2019-17026.json @@ -81,6 +81,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1607443" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index ad7037fda93..5988a5233c4 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-4639", "url": "https://www.debian.org/security/2020/dsa-4639" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] } diff --git a/2020/0xxx/CVE-2020-0526.json b/2020/0xxx/CVE-2020-0526.json new file mode 100644 index 00000000000..ea467927bc9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0526.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0526", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) NUC Firmware", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0530.json b/2020/0xxx/CVE-2020-0530.json new file mode 100644 index 00000000000..e5d91d5a41c --- /dev/null +++ b/2020/0xxx/CVE-2020-0530.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0530", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) NUC Firmware", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0546.json b/2020/0xxx/CVE-2020-0546.json new file mode 100644 index 00000000000..f3662af7ca6 --- /dev/null +++ b/2020/0xxx/CVE-2020-0546.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0546", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel\u00ae Optane(TM) DC Persistent Memory Module Management Software", + "version": { + "version_data": [ + { + "version_value": "before version 1.0.0.3461" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00326.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0556.json b/2020/0xxx/CVE-2020-0556.json new file mode 100644 index 00000000000..ddcdb404983 --- /dev/null +++ b/2020/0xxx/CVE-2020-0556.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0556", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "BlueZ Advisory", + "version": { + "version_data": [ + { + "version_value": "before version 5.53" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in subsystem for BlueZ before version 5.53 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0565.json b/2020/0xxx/CVE-2020-0565.json new file mode 100644 index 00000000000..a6a53c8ec36 --- /dev/null +++ b/2020/0xxx/CVE-2020-0565.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0565", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.7158" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0567.json b/2020/0xxx/CVE-2020-0567.json new file mode 100644 index 00000000000..6828a2433cb --- /dev/null +++ b/2020/0xxx/CVE-2020-0567.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0567", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Drivers", + "version": { + "version_data": [ + { + "version_value": "before version 26.20.100.7212" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0574.json b/2020/0xxx/CVE-2020-0574.json new file mode 100644 index 00000000000..0d5633dca64 --- /dev/null +++ b/2020/0xxx/CVE-2020-0574.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0574", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) MAX(R) 10 FPGA", + "version": { + "version_data": [ + { + "version_value": "All versions" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00349.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00349.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00349.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable information disclosure via physical access." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10018.json b/2020/10xxx/CVE-2020-10018.json index 97ec8dfc153..6de5be3f591 100644 --- a/2020/10xxx/CVE-2020-10018.json +++ b/2020/10xxx/CVE-2020-10018.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal." + "value": "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling." } ] }, @@ -53,14 +53,19 @@ "references": { "reference_data": [ { - "url": "https://bugs.webkit.org/show_bug.cgi?id=204342", "refsource": "MISC", - "name": "https://bugs.webkit.org/show_bug.cgi?id=204342" + "name": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21", + "url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21" }, { - "url": "https://trac.webkit.org/changeset/257292", "refsource": "MISC", - "name": "https://trac.webkit.org/changeset/257292" + "name": "https://webkitgtk.org/security/WSA-2020-0003.html", + "url": "https://webkitgtk.org/security/WSA-2020-0003.html" + }, + { + "refsource": "MISC", + "name": "https://wpewebkit.org/security/WSA-2020-0003.html", + "url": "https://wpewebkit.org/security/WSA-2020-0003.html" } ] } diff --git a/2020/5xxx/CVE-2020-5959.json b/2020/5xxx/CVE-2020-5959.json index de1e2693157..5ac1be2ba0b 100644 --- a/2020/5xxx/CVE-2020-5959.json +++ b/2020/5xxx/CVE-2020-5959.json @@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2020-5959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Display Driver ", - "version" : { - "version_data" : [ - { - "version_value" : "ALL" - } - ] - } - } - ] - }, - "vendor_name" : "NVIDIA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service. " - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2020-5959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Display Driver ", + "version": { + "version_data": [ + { + "version_value": "ALL" + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5960.json b/2020/5xxx/CVE-2020-5960.json index 6b54ac3190d..4a2f030b3d3 100644 --- a/2020/5xxx/CVE-2020-5960.json +++ b/2020/5xxx/CVE-2020-5960.json @@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2020-5960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Display Driver ", - "version" : { - "version_data" : [ - { - "version_value" : "ALL" - } - ] - } - } - ] - }, - "vendor_name" : "NVIDIA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2020-5960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Display Driver ", + "version": { + "version_data": [ + { + "version_value": "ALL" + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5961.json b/2020/5xxx/CVE-2020-5961.json index e59da3520c5..eaee46bb84f 100644 --- a/2020/5xxx/CVE-2020-5961.json +++ b/2020/5xxx/CVE-2020-5961.json @@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2020-5961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Display Driver ", - "version" : { - "version_data" : [ - { - "version_value" : "ALL" - } - ] - } - } - ] - }, - "vendor_name" : "NVIDIA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2020-5961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Display Driver ", + "version": { + "version_data": [ + { + "version_value": "ALL" + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4996" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6796.json b/2020/6xxx/CVE-2020-6796.json index 41ec254bd53..5a8f9eb538c 100644 --- a/2020/6xxx/CVE-2020-6796.json +++ b/2020/6xxx/CVE-2020-6796.json @@ -68,6 +68,11 @@ "refsource": "UBUNTU", "name": "USN-4278-2", "url": "https://usn.ubuntu.com/4278-2/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2020/6xxx/CVE-2020-6797.json b/2020/6xxx/CVE-2020-6797.json index e0479bc8095..93b357761d9 100644 --- a/2020/6xxx/CVE-2020-6797.json +++ b/2020/6xxx/CVE-2020-6797.json @@ -79,6 +79,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1596668", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1596668" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2020/6xxx/CVE-2020-6798.json b/2020/6xxx/CVE-2020-6798.json index 3610b1999a0..7ba5354c022 100644 --- a/2020/6xxx/CVE-2020-6798.json +++ b/2020/6xxx/CVE-2020-6798.json @@ -84,6 +84,11 @@ "refsource": "UBUNTU", "name": "USN-4278-2", "url": "https://usn.ubuntu.com/4278-2/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2020/6xxx/CVE-2020-6799.json b/2020/6xxx/CVE-2020-6799.json index ae37d3eeb8c..7bd905b8108 100644 --- a/2020/6xxx/CVE-2020-6799.json +++ b/2020/6xxx/CVE-2020-6799.json @@ -63,6 +63,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, diff --git a/2020/6xxx/CVE-2020-6800.json b/2020/6xxx/CVE-2020-6800.json index 1171ecbdb78..d1a34c27c00 100644 --- a/2020/6xxx/CVE-2020-6800.json +++ b/2020/6xxx/CVE-2020-6800.json @@ -84,6 +84,11 @@ "refsource": "UBUNTU", "name": "USN-4278-2", "url": "https://usn.ubuntu.com/4278-2/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-02", + "url": "https://security.gentoo.org/glsa/202003-02" } ] }, From cb22b44503dd485a9979497d05ea8d1c08453456 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 22:01:10 +0000 Subject: [PATCH 075/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10129.json | 5 +++ 2019/10xxx/CVE-2019-10130.json | 5 +++ 2019/10xxx/CVE-2019-10164.json | 5 +++ 2019/12xxx/CVE-2019-12278.json | 61 +++++++++++++++++++++++++++--- 2019/16xxx/CVE-2019-16156.json | 68 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17658.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0550.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0551.json | 62 +++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0583.json | 68 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0618.json | 5 +++ 2020/10xxx/CVE-2020-10220.json | 5 +++ 2020/10xxx/CVE-2020-10221.json | 5 +++ 2020/6xxx/CVE-2020-6643.json | 50 +++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9064.json | 50 +++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9371.json | 5 +++ 2020/9xxx/CVE-2020-9372.json | 5 +++ 16 files changed, 511 insertions(+), 12 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16156.json create mode 100644 2019/17xxx/CVE-2019-17658.json create mode 100644 2020/0xxx/CVE-2020-0550.json create mode 100644 2020/0xxx/CVE-2020-0551.json create mode 100644 2020/0xxx/CVE-2020-0583.json diff --git a/2019/10xxx/CVE-2019-10129.json b/2019/10xxx/CVE-2019-10129.json index 3a8b0d1c537..aef1101cf19 100644 --- a/2019/10xxx/CVE-2019-10129.json +++ b/2019/10xxx/CVE-2019-10129.json @@ -53,6 +53,11 @@ "url": "https://www.postgresql.org/about/news/1939/", "refsource": "MISC", "name": "https://www.postgresql.org/about/news/1939/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/10xxx/CVE-2019-10130.json b/2019/10xxx/CVE-2019-10130.json index 132abf93fb0..43223d3806b 100644 --- a/2019/10xxx/CVE-2019-10130.json +++ b/2019/10xxx/CVE-2019-10130.json @@ -62,6 +62,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130", "refsource": "CONFIRM" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/10xxx/CVE-2019-10164.json b/2019/10xxx/CVE-2019-10164.json index cdda37a5d1a..638928fe7f1 100644 --- a/2019/10xxx/CVE-2019-10164.json +++ b/2019/10xxx/CVE-2019-10164.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e43f49b428", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-03", + "url": "https://security.gentoo.org/glsa/202003-03" } ] }, diff --git a/2019/12xxx/CVE-2019-12278.json b/2019/12xxx/CVE-2019-12278.json index e4d8379a3e1..af84b0d8ae4 100644 --- a/2019/12xxx/CVE-2019-12278.json +++ b/2019/12xxx/CVE-2019-12278.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12278", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12278", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the \"first strong character\" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://help.opera.com/en/latest/security-and-privacy/", + "refsource": "MISC", + "name": "https://help.opera.com/en/latest/security-and-privacy/" + }, + { + "refsource": "MISC", + "name": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c", + "url": "https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c" } ] } diff --git a/2019/16xxx/CVE-2019-16156.json b/2019/16xxx/CVE-2019-16156.json new file mode 100644 index 00000000000..7e2d7b53d94 --- /dev/null +++ b/2019/16xxx/CVE-2019-16156.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16156", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWeb", + "version": { + "version_data": [ + { + "version_value": "6.0.5" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "6.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-265", + "url": "https://fortiguard.com/advisory/FG-IR-19-265" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS)." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17658.json b/2019/17xxx/CVE-2019-17658.json new file mode 100644 index 00000000000..c1d37c5dc53 --- /dev/null +++ b/2019/17xxx/CVE-2019-17658.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17658", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClientWindows", + "version": { + "version_data": [ + { + "version_value": "6.2.2 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-281", + "url": "https://fortiguard.com/advisory/FG-IR-19-281" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable service path." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0550.json b/2020/0xxx/CVE-2020-0550.json new file mode 100644 index 00000000000..b2a36cccb95 --- /dev/null +++ b/2020/0xxx/CVE-2020-0550.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0550", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Snoop Assisted L1D Sampling Advisory", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0551.json b/2020/0xxx/CVE-2020-0551.json new file mode 100644 index 00000000000..db15da558e7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0551.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0551", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors Load Value Injection", + "version": { + "version_data": [ + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0583.json b/2020/0xxx/CVE-2020-0583.json new file mode 100644 index 00000000000..5b9b3609a14 --- /dev/null +++ b/2020/0xxx/CVE-2020-0583.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0583", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel\u00ae Smart Sound Technology", + "version": { + "version_data": [ + { + "version_value": "before 10th Generation Intel\u00ae Core\u2122 i7 Processors - version 3431" + }, + { + "version_value": "before 8th Generation Intel\u00ae Core\u2122 Processors - version 3349" + }, + { + "version_value": "See advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00354.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel\u00ae Smart Sound Technology before versions: 10th Generation Intel\u00ae Core\u2122 i7 Processors, version 3431 and 8th Generation Intel\u00ae Core\u2122 Processors, version 3349." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0618.json b/2020/0xxx/CVE-2020-0618.json index e3292c0975b..843fd96940b 100644 --- a/2020/0xxx/CVE-2020-0618.json +++ b/2020/0xxx/CVE-2020-0618.json @@ -112,6 +112,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html", + "url": "http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html" } ] } diff --git a/2020/10xxx/CVE-2020-10220.json b/2020/10xxx/CVE-2020-10220.json index b25372b5bc7..19ed2c99d1b 100644 --- a/2020/10xxx/CVE-2020-10220.json +++ b/2020/10xxx/CVE-2020-10220.json @@ -56,6 +56,11 @@ "url": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py", "refsource": "MISC", "name": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html" } ] } diff --git a/2020/10xxx/CVE-2020-10221.json b/2020/10xxx/CVE-2020-10221.json index 08be32dea96..e7b8d8a8579 100644 --- a/2020/10xxx/CVE-2020-10221.json +++ b/2020/10xxx/CVE-2020-10221.json @@ -61,6 +61,11 @@ "url": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html", "refsource": "MISC", "name": "https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html" } ] } diff --git a/2020/6xxx/CVE-2020-6643.json b/2020/6xxx/CVE-2020-6643.json index db25cae0162..052df27a77b 100644 --- a/2020/6xxx/CVE-2020-6643.json +++ b/2020/6xxx/CVE-2020-6643.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiIsolator", + "version": { + "version_data": [ + { + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-270", + "url": "https://fortiguard.com/advisory/FG-IR-19-270" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS)." } ] } diff --git a/2020/9xxx/CVE-2020-9064.json b/2020/9xxx/CVE-2020-9064.json index f41920a6cf4..5d4bc26bda4 100644 --- a/2020/9xxx/CVE-2020-9064.json +++ b/2020/9xxx/CVE-2020-9064.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Honor V30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-202003116-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-202003116-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak." } ] } diff --git a/2020/9xxx/CVE-2020-9371.json b/2020/9xxx/CVE-2020-9371.json index 20a3c5b4dc9..97a9b801f0a 100644 --- a/2020/9xxx/CVE-2020-9371.json +++ b/2020/9xxx/CVE-2020-9371.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10110", "url": "https://wpvulndb.com/vulnerabilities/10110" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html" } ] } diff --git a/2020/9xxx/CVE-2020-9372.json b/2020/9xxx/CVE-2020-9372.json index 48a4e350d78..b48a06c75f3 100644 --- a/2020/9xxx/CVE-2020-9372.json +++ b/2020/9xxx/CVE-2020-9372.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.hotdreamweaver.com/support/view.php?id=815925", "url": "https://www.hotdreamweaver.com/support/view.php?id=815925" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html", + "url": "http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html" } ] } From 5bf142070629775fd9ed596d6cda8cdb31316401 Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Thu, 12 Mar 2020 16:00:51 -0700 Subject: [PATCH 076/144] CVE-2020-8469 Trend Micro --- 2020/8xxx/CVE-2020-8469.json | 76 ++++++++++++++++++++++++++++-------- 1 file changed, 59 insertions(+), 17 deletions(-) diff --git a/2020/8xxx/CVE-2020-8469.json b/2020/8xxx/CVE-2020-8469.json index 206d7b9f55a..2b587cd4c65 100644 --- a/2020/8xxx/CVE-2020-8469.json +++ b/2020/8xxx/CVE-2020-8469.json @@ -1,18 +1,60 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-8469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2020-8469", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Password Manager for Windows", + "version" : { + "version_data" : [ + { + "version_value" : "5.0" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "DLL Hijacking" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx" + } + ] + } +} From 0784bcfb65d48aeb549417a2b8ac59d25c553da3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Mar 2020 23:01:11 +0000 Subject: [PATCH 077/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12735.json | 5 +++ 2019/17xxx/CVE-2019-17653.json | 62 +++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18998.json | 5 +++ 2020/10xxx/CVE-2020-10184.json | 5 +++ 2020/10xxx/CVE-2020-10185.json | 5 +++ 2020/10xxx/CVE-2020-10534.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10535.json | 62 +++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1863.json | 56 ++++++++++++++++++++++++++-- 2020/7xxx/CVE-2020-7600.json | 55 ++++++++++++++++++++++++++-- 9 files changed, 316 insertions(+), 6 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17653.json create mode 100644 2020/10xxx/CVE-2020-10534.json create mode 100644 2020/10xxx/CVE-2020-10535.json diff --git a/2019/12xxx/CVE-2019-12735.json b/2019/12xxx/CVE-2019-12735.json index 94cd5c76d9b..86574c8fab4 100644 --- a/2019/12xxx/CVE-2019-12735.json +++ b/2019/12xxx/CVE-2019-12735.json @@ -186,6 +186,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-04", + "url": "https://security.gentoo.org/glsa/202003-04" } ] } diff --git a/2019/17xxx/CVE-2019-17653.json b/2019/17xxx/CVE-2019-17653.json new file mode 100644 index 00000000000..8ea4ee0f682 --- /dev/null +++ b/2019/17xxx/CVE-2019-17653.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17653", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "5.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-240", + "url": "https://fortiguard.com/psirt/FG-IR-19-240" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18998.json b/2019/18xxx/CVE-2019-18998.json index 87f9489ecad..be201d363f3 100644 --- a/2019/18xxx/CVE-2019-18998.json +++ b/2019/18xxx/CVE-2019-18998.json @@ -85,6 +85,11 @@ "refsource": "CONFIRM", "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch", "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9962&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-072-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-072-02" } ] }, diff --git a/2020/10xxx/CVE-2020-10184.json b/2020/10xxx/CVE-2020-10184.json index 4cc7ff01227..c10ba6a0b05 100644 --- a/2020/10xxx/CVE-2020-10184.json +++ b/2020/10xxx/CVE-2020-10184.json @@ -61,6 +61,11 @@ "url": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40", "refsource": "MISC", "name": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200312 [SECURITY] [DLA 2141-1] yubikey-val security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00014.html" } ] } diff --git a/2020/10xxx/CVE-2020-10185.json b/2020/10xxx/CVE-2020-10185.json index 234f8430bce..e9e68ed90cb 100644 --- a/2020/10xxx/CVE-2020-10185.json +++ b/2020/10xxx/CVE-2020-10185.json @@ -61,6 +61,11 @@ "url": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40", "refsource": "MISC", "name": "https://github.com/Yubico/yubikey-val/releases/tag/yubikey-val-2.40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200312 [SECURITY] [DLA 2141-1] yubikey-val security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00014.html" } ] } diff --git a/2020/10xxx/CVE-2020-10534.json b/2020/10xxx/CVE-2020-10534.json new file mode 100644 index 00000000000..b54086655c2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10534.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T229731", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T229731" + }, + { + "url": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b", + "refsource": "MISC", + "name": "https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10535.json b/2020/10xxx/CVE-2020-10535.json new file mode 100644 index 00000000000..08bf8a211bb --- /dev/null +++ b/2020/10xxx/CVE-2020-10535.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1863.json b/2020/1xxx/CVE-2020-1863.json index bb3bd97a030..33214fc9521 100644 --- a/2020/1xxx/CVE-2020-1863.json +++ b/2020/1xxx/CVE-2020-1863.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "Huawei USG6000V", + "version": { + "version_data": [ + { + "version_value": "V500R001C20SPC300" + }, + { + "version_value": "V500R003C00SPC100" + }, + { + "version_value": "V500R005C00SPC100" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products." } ] } diff --git a/2020/7xxx/CVE-2020-7600.json b/2020/7xxx/CVE-2020-7600.json index a8755e59d6a..3a455cea2fb 100644 --- a/2020/7xxx/CVE-2020-7600.json +++ b/2020/7xxx/CVE-2020-7600.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "querymen", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 2.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef", + "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef" + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867", + "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks." } ] } From ef83a8246df6cc5b981f3d1aa26bc40d9ee3c039 Mon Sep 17 00:00:00 2001 From: Gulshan Singh Date: Thu, 12 Mar 2020 16:11:02 -0700 Subject: [PATCH 078/144] Add CVE-2020-1887 --- 2020/1xxx/CVE-2020-1887.json | 73 ++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 7 deletions(-) diff --git a/2020/1xxx/CVE-2020-1887.json b/2020/1xxx/CVE-2020-1887.json index da788b6b71c..79ea6d1688b 100644 --- a/2020/1xxx/CVE-2020-1887.json +++ b/2020/1xxx/CVE-2020-1887.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2020-03-12", "ID": "CVE-2020-1887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Facebook", + "product": { + "product_data": [ + { + "product_name": "Osquery", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "4.2.0" + }, + { + "version_affected": ">", + "version_value": "2.9.0" + }, + { + "version_affected": "!=<", + "version_value": "2.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Certificate with Host Mismatch (CWE-297)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/osquery/osquery/pull/6197", + "url": "https://github.com/osquery/osquery/pull/6197" + }, + { + "refsource": "CONFIRM", + "name": "https://www.facebook.com/security/advisories/cve-2020-1887", + "url": "https://www.facebook.com/security/advisories/cve-2020-1887" } ] } -} \ No newline at end of file +} From 687760f0fc62ae34968fc15d669f19b2f20f634d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 00:01:23 +0000 Subject: [PATCH 079/144] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11454.json | 5 ++ 2019/11xxx/CVE-2019-11455.json | 5 ++ 2019/16xxx/CVE-2019-16865.json | 5 ++ 2019/19xxx/CVE-2019-19921.json | 5 ++ 2019/20xxx/CVE-2019-20044.json | 5 ++ 2020/1xxx/CVE-2020-1708.json | 5 ++ 2020/5xxx/CVE-2020-5312.json | 5 ++ 2020/8xxx/CVE-2020-8112.json | 5 ++ 2020/8xxx/CVE-2020-8469.json | 120 +++++++++++++++++---------------- 2020/8xxx/CVE-2020-8945.json | 5 ++ 2020/9xxx/CVE-2020-9369.json | 5 ++ 11 files changed, 111 insertions(+), 59 deletions(-) diff --git a/2019/11xxx/CVE-2019-11454.json b/2019/11xxx/CVE-2019-11454.json index 92c050bd0f1..ad8a35a2c3b 100644 --- a/2019/11xxx/CVE-2019-11454.json +++ b/2019/11xxx/CVE-2019-11454.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-3971-1", "url": "https://usn.ubuntu.com/3971-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9c19202d55", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/" } ] } diff --git a/2019/11xxx/CVE-2019-11455.json b/2019/11xxx/CVE-2019-11455.json index 2a4076ff945..21f6017fdc0 100644 --- a/2019/11xxx/CVE-2019-11455.json +++ b/2019/11xxx/CVE-2019-11455.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-3971-1", "url": "https://usn.ubuntu.com/3971-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9c19202d55", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/" } ] } diff --git a/2019/16xxx/CVE-2019-16865.json b/2019/16xxx/CVE-2019-16865.json index b01bac5f1ac..a8e085f63b7 100644 --- a/2019/16xxx/CVE-2019-16865.json +++ b/2019/16xxx/CVE-2019-16865.json @@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0683", "url": "https://access.redhat.com/errata/RHSA-2020:0683" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0694", + "url": "https://access.redhat.com/errata/RHSA-2020:0694" } ] } diff --git a/2019/19xxx/CVE-2019-19921.json b/2019/19xxx/CVE-2019-19921.json index 687a461f100..40e237ca4ed 100644 --- a/2019/19xxx/CVE-2019-19921.json +++ b/2019/19xxx/CVE-2019-19921.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0688", "url": "https://access.redhat.com/errata/RHSA-2020:0688" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0695", + "url": "https://access.redhat.com/errata/RHSA-2020:0695" } ] } diff --git a/2019/20xxx/CVE-2019-20044.json b/2019/20xxx/CVE-2019-20044.json index b947d14fc1c..7f81171cfb1 100644 --- a/2019/20xxx/CVE-2019-20044.json +++ b/2019/20xxx/CVE-2019-20044.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3f38f3e517", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/" } ] } diff --git a/2020/1xxx/CVE-2020-1708.json b/2020/1xxx/CVE-2020-1708.json index 085fa38f18e..66584ea985b 100644 --- a/2020/1xxx/CVE-2020-1708.json +++ b/2020/1xxx/CVE-2020-1708.json @@ -61,6 +61,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0617", "url": "https://access.redhat.com/errata/RHSA-2020:0617" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0694", + "url": "https://access.redhat.com/errata/RHSA-2020:0694" } ] }, diff --git a/2020/5xxx/CVE-2020-5312.json b/2020/5xxx/CVE-2020-5312.json index 9c73967bdf4..ac493f8ea95 100644 --- a/2020/5xxx/CVE-2020-5312.json +++ b/2020/5xxx/CVE-2020-5312.json @@ -106,6 +106,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0683", "url": "https://access.redhat.com/errata/RHSA-2020:0683" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0694", + "url": "https://access.redhat.com/errata/RHSA-2020:0694" } ] } diff --git a/2020/8xxx/CVE-2020-8112.json b/2020/8xxx/CVE-2020-8112.json index 088f8a31887..7c7675b74be 100644 --- a/2020/8xxx/CVE-2020-8112.json +++ b/2020/8xxx/CVE-2020-8112.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-8193c0aa68", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM77GIFWHOECNIERYJQPI2ZJU57GZD5/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0694", + "url": "https://access.redhat.com/errata/RHSA-2020:0694" } ] } diff --git a/2020/8xxx/CVE-2020-8469.json b/2020/8xxx/CVE-2020-8469.json index 2b587cd4c65..3c447f161f8 100644 --- a/2020/8xxx/CVE-2020-8469.json +++ b/2020/8xxx/CVE-2020-8469.json @@ -1,60 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2020-8469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Password Manager for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DLL Hijacking" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2020-8469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager for Windows", + "version": { + "version_data": [ + { + "version_value": "5.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DLL Hijacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8945.json b/2020/8xxx/CVE-2020-8945.json index cf32a5eba5f..9da7ae1be2f 100644 --- a/2020/8xxx/CVE-2020-8945.json +++ b/2020/8xxx/CVE-2020-8945.json @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0689", "url": "https://access.redhat.com/errata/RHSA-2020:0689" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0697", + "url": "https://access.redhat.com/errata/RHSA-2020:0697" } ] } diff --git a/2020/9xxx/CVE-2020-9369.json b/2020/9xxx/CVE-2020-9369.json index edbae20d311..bf5970bda74 100644 --- a/2020/9xxx/CVE-2020-9369.json +++ b/2020/9xxx/CVE-2020-9369.json @@ -61,6 +61,11 @@ "url": "https://github.com/sympa-community/sympa/issues/886", "refsource": "MISC", "name": "https://github.com/sympa-community/sympa/issues/886" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-79516cb689", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/" } ] } From 47619cc7022dd8d0f5a03777ae2e994c4479cf5c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 04:01:12 +0000 Subject: [PATCH 080/144] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15845.json | 5 +++++ 2019/16xxx/CVE-2019-16201.json | 5 +++++ 2019/16xxx/CVE-2019-16254.json | 5 +++++ 2019/16xxx/CVE-2019-16255.json | 5 +++++ 2019/20xxx/CVE-2019-20044.json | 5 +++++ 2019/5xxx/CVE-2019-5094.json | 5 +++++ 2020/9xxx/CVE-2020-9369.json | 5 +++++ 7 files changed, 35 insertions(+) diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index b2a00f8c337..2d885d76d7f 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json @@ -86,6 +86,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-06", + "url": "https://security.gentoo.org/glsa/202003-06" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index 5528e29383d..d8a01732fa9 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json @@ -86,6 +86,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-06", + "url": "https://security.gentoo.org/glsa/202003-06" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index 74bf79fe754..408d36321cd 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json @@ -111,6 +111,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-06", + "url": "https://security.gentoo.org/glsa/202003-06" } ] } diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json index ae805c090f7..164a2b45c41 100644 --- a/2019/16xxx/CVE-2019-16255.json +++ b/2019/16xxx/CVE-2019-16255.json @@ -106,6 +106,11 @@ "url": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-06", + "url": "https://security.gentoo.org/glsa/202003-06" } ] } diff --git a/2019/20xxx/CVE-2019-20044.json b/2019/20xxx/CVE-2019-20044.json index 7f81171cfb1..f7689ea92b7 100644 --- a/2019/20xxx/CVE-2019-20044.json +++ b/2019/20xxx/CVE-2019-20044.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-3f38f3e517", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9009363f0f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/" } ] } diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index 3049fa50a1b..24a75ce3b67 100644 --- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-01ed02451f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-05", + "url": "https://security.gentoo.org/glsa/202003-05" } ] }, diff --git a/2020/9xxx/CVE-2020-9369.json b/2020/9xxx/CVE-2020-9369.json index bf5970bda74..30ef75b4117 100644 --- a/2020/9xxx/CVE-2020-9369.json +++ b/2020/9xxx/CVE-2020-9369.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-79516cb689", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-bb5aa250c9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/" } ] } From 521750d11a67dee4aa2437a9b75f7512f13719fa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 05:01:12 +0000 Subject: [PATCH 081/144] "-Synchronized-Data." --- 2019/13xxx/CVE-2019-13723.json | 7 ++++++- 2019/13xxx/CVE-2019-13724.json | 7 ++++++- 2019/13xxx/CVE-2019-13725.json | 7 ++++++- 2019/13xxx/CVE-2019-13726.json | 7 ++++++- 2019/13xxx/CVE-2019-13727.json | 7 ++++++- 2019/13xxx/CVE-2019-13728.json | 7 ++++++- 2019/13xxx/CVE-2019-13729.json | 7 ++++++- 2019/13xxx/CVE-2019-13730.json | 7 ++++++- 2019/13xxx/CVE-2019-13732.json | 7 ++++++- 2019/13xxx/CVE-2019-13734.json | 5 +++++ 2019/13xxx/CVE-2019-13735.json | 7 ++++++- 2019/13xxx/CVE-2019-13736.json | 7 ++++++- 2019/13xxx/CVE-2019-13737.json | 7 ++++++- 2019/13xxx/CVE-2019-13738.json | 7 ++++++- 2019/13xxx/CVE-2019-13739.json | 7 ++++++- 2019/13xxx/CVE-2019-13740.json | 7 ++++++- 2019/13xxx/CVE-2019-13741.json | 7 ++++++- 2019/13xxx/CVE-2019-13742.json | 7 ++++++- 2019/13xxx/CVE-2019-13743.json | 7 ++++++- 2019/13xxx/CVE-2019-13744.json | 7 ++++++- 2019/13xxx/CVE-2019-13745.json | 7 ++++++- 2019/13xxx/CVE-2019-13746.json | 7 ++++++- 2019/13xxx/CVE-2019-13747.json | 7 ++++++- 2019/13xxx/CVE-2019-13748.json | 7 ++++++- 2019/13xxx/CVE-2019-13749.json | 7 ++++++- 2019/13xxx/CVE-2019-13750.json | 7 ++++++- 2019/13xxx/CVE-2019-13751.json | 7 ++++++- 2019/13xxx/CVE-2019-13752.json | 7 ++++++- 2019/13xxx/CVE-2019-13753.json | 7 ++++++- 2019/13xxx/CVE-2019-13754.json | 7 ++++++- 2019/13xxx/CVE-2019-13755.json | 7 ++++++- 2019/13xxx/CVE-2019-13756.json | 7 ++++++- 2019/13xxx/CVE-2019-13757.json | 7 ++++++- 2019/13xxx/CVE-2019-13758.json | 7 ++++++- 2019/13xxx/CVE-2019-13759.json | 7 ++++++- 2019/13xxx/CVE-2019-13761.json | 7 ++++++- 2019/13xxx/CVE-2019-13762.json | 7 ++++++- 2019/13xxx/CVE-2019-13763.json | 7 ++++++- 2019/13xxx/CVE-2019-13764.json | 7 ++++++- 2019/13xxx/CVE-2019-13767.json | 5 +++++ 2019/18xxx/CVE-2019-18609.json | 5 +++++ 2020/6xxx/CVE-2020-6377.json | 5 +++++ 2020/6xxx/CVE-2020-6378.json | 5 +++++ 2020/6xxx/CVE-2020-6379.json | 5 +++++ 2020/6xxx/CVE-2020-6380.json | 5 +++++ 2020/6xxx/CVE-2020-6381.json | 5 +++++ 2020/6xxx/CVE-2020-6382.json | 5 +++++ 2020/6xxx/CVE-2020-6385.json | 5 +++++ 2020/6xxx/CVE-2020-6387.json | 5 +++++ 2020/6xxx/CVE-2020-6388.json | 5 +++++ 2020/6xxx/CVE-2020-6389.json | 5 +++++ 2020/6xxx/CVE-2020-6390.json | 5 +++++ 2020/6xxx/CVE-2020-6391.json | 5 +++++ 2020/6xxx/CVE-2020-6392.json | 5 +++++ 2020/6xxx/CVE-2020-6393.json | 5 +++++ 2020/6xxx/CVE-2020-6394.json | 5 +++++ 2020/6xxx/CVE-2020-6395.json | 5 +++++ 2020/6xxx/CVE-2020-6396.json | 5 +++++ 2020/6xxx/CVE-2020-6397.json | 5 +++++ 2020/6xxx/CVE-2020-6398.json | 5 +++++ 2020/6xxx/CVE-2020-6399.json | 5 +++++ 2020/6xxx/CVE-2020-6400.json | 5 +++++ 2020/6xxx/CVE-2020-6401.json | 5 +++++ 2020/6xxx/CVE-2020-6402.json | 5 +++++ 2020/6xxx/CVE-2020-6403.json | 5 +++++ 2020/6xxx/CVE-2020-6404.json | 5 +++++ 2020/6xxx/CVE-2020-6406.json | 5 +++++ 2020/6xxx/CVE-2020-6407.json | 5 +++++ 2020/6xxx/CVE-2020-6408.json | 5 +++++ 2020/6xxx/CVE-2020-6409.json | 5 +++++ 2020/6xxx/CVE-2020-6410.json | 5 +++++ 2020/6xxx/CVE-2020-6411.json | 5 +++++ 2020/6xxx/CVE-2020-6412.json | 5 +++++ 2020/6xxx/CVE-2020-6413.json | 5 +++++ 2020/6xxx/CVE-2020-6414.json | 5 +++++ 2020/6xxx/CVE-2020-6415.json | 5 +++++ 2020/6xxx/CVE-2020-6416.json | 5 +++++ 2020/6xxx/CVE-2020-6418.json | 5 +++++ 78 files changed, 428 insertions(+), 38 deletions(-) diff --git a/2019/13xxx/CVE-2019-13723.json b/2019/13xxx/CVE-2019-13723.json index 9f7bbaa9d6c..69a5504117c 100644 --- a/2019/13xxx/CVE-2019-13723.json +++ b/2019/13xxx/CVE-2019-13723.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13723", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -74,6 +74,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2693", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13724.json b/2019/13xxx/CVE-2019-13724.json index 914afa21e79..9fb890858eb 100644 --- a/2019/13xxx/CVE-2019-13724.json +++ b/2019/13xxx/CVE-2019-13724.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13724", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -74,6 +74,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2693", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13725.json b/2019/13xxx/CVE-2019-13725.json index 16a43184f67..38388b91636 100644 --- a/2019/13xxx/CVE-2019-13725.json +++ b/2019/13xxx/CVE-2019-13725.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13725", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13726.json b/2019/13xxx/CVE-2019-13726.json index df796d4c41e..533c5dd63cf 100644 --- a/2019/13xxx/CVE-2019-13726.json +++ b/2019/13xxx/CVE-2019-13726.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13726", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13727.json b/2019/13xxx/CVE-2019-13727.json index 87bc23523b3..e6afa4484db 100644 --- a/2019/13xxx/CVE-2019-13727.json +++ b/2019/13xxx/CVE-2019-13727.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13727", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13728.json b/2019/13xxx/CVE-2019-13728.json index b6afa0dba09..34313e9c900 100644 --- a/2019/13xxx/CVE-2019-13728.json +++ b/2019/13xxx/CVE-2019-13728.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13728", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13729.json b/2019/13xxx/CVE-2019-13729.json index d1cc2c82711..a4a2b82d6de 100644 --- a/2019/13xxx/CVE-2019-13729.json +++ b/2019/13xxx/CVE-2019-13729.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13729", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13730.json b/2019/13xxx/CVE-2019-13730.json index f957d756e80..95cc53fcb31 100644 --- a/2019/13xxx/CVE-2019-13730.json +++ b/2019/13xxx/CVE-2019-13730.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13730", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13732.json b/2019/13xxx/CVE-2019-13732.json index 80482add2bc..8b6e12fbba2 100644 --- a/2019/13xxx/CVE-2019-13732.json +++ b/2019/13xxx/CVE-2019-13732.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13732", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json index 6364d39b76f..c24c8eac2e6 100644 --- a/2019/13xxx/CVE-2019-13734.json +++ b/2019/13xxx/CVE-2019-13734.json @@ -119,6 +119,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0451", "url": "https://access.redhat.com/errata/RHSA-2020:0451" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13735.json b/2019/13xxx/CVE-2019-13735.json index 9271f39466f..5dd929989bb 100644 --- a/2019/13xxx/CVE-2019-13735.json +++ b/2019/13xxx/CVE-2019-13735.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13735", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13736.json b/2019/13xxx/CVE-2019-13736.json index ac55f651ead..50a3e4f9dd3 100644 --- a/2019/13xxx/CVE-2019-13736.json +++ b/2019/13xxx/CVE-2019-13736.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13736", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13737.json b/2019/13xxx/CVE-2019-13737.json index 6a750f11537..07d5f5a7723 100644 --- a/2019/13xxx/CVE-2019-13737.json +++ b/2019/13xxx/CVE-2019-13737.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13737", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13738.json b/2019/13xxx/CVE-2019-13738.json index c869cfd9ade..7eff575da5a 100644 --- a/2019/13xxx/CVE-2019-13738.json +++ b/2019/13xxx/CVE-2019-13738.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13738", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13739.json b/2019/13xxx/CVE-2019-13739.json index c6144d58682..3918d8ca9b9 100644 --- a/2019/13xxx/CVE-2019-13739.json +++ b/2019/13xxx/CVE-2019-13739.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13739", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13740.json b/2019/13xxx/CVE-2019-13740.json index 5b49dd76439..17434fb3bd8 100644 --- a/2019/13xxx/CVE-2019-13740.json +++ b/2019/13xxx/CVE-2019-13740.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13740", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13741.json b/2019/13xxx/CVE-2019-13741.json index 8a7b272fde5..1a1e94fab46 100644 --- a/2019/13xxx/CVE-2019-13741.json +++ b/2019/13xxx/CVE-2019-13741.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13741", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13742.json b/2019/13xxx/CVE-2019-13742.json index 6b2cbb227ec..6dd10c81516 100644 --- a/2019/13xxx/CVE-2019-13742.json +++ b/2019/13xxx/CVE-2019-13742.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13742", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13743.json b/2019/13xxx/CVE-2019-13743.json index 8608ebe5c96..f57a5f83fac 100644 --- a/2019/13xxx/CVE-2019-13743.json +++ b/2019/13xxx/CVE-2019-13743.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13743", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13744.json b/2019/13xxx/CVE-2019-13744.json index f85071ec2f6..4ff8397c19a 100644 --- a/2019/13xxx/CVE-2019-13744.json +++ b/2019/13xxx/CVE-2019-13744.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13744", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13745.json b/2019/13xxx/CVE-2019-13745.json index 6042d6d525e..aeff9272ebd 100644 --- a/2019/13xxx/CVE-2019-13745.json +++ b/2019/13xxx/CVE-2019-13745.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13745", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13746.json b/2019/13xxx/CVE-2019-13746.json index 097991c8027..af7180055bf 100644 --- a/2019/13xxx/CVE-2019-13746.json +++ b/2019/13xxx/CVE-2019-13746.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13746", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13747.json b/2019/13xxx/CVE-2019-13747.json index bb8d2a5564c..5dd3a058fe1 100644 --- a/2019/13xxx/CVE-2019-13747.json +++ b/2019/13xxx/CVE-2019-13747.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13747", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13748.json b/2019/13xxx/CVE-2019-13748.json index f871619cabd..62d23a8c824 100644 --- a/2019/13xxx/CVE-2019-13748.json +++ b/2019/13xxx/CVE-2019-13748.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13748", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13749.json b/2019/13xxx/CVE-2019-13749.json index 436d6e67f49..b9d44554435 100644 --- a/2019/13xxx/CVE-2019-13749.json +++ b/2019/13xxx/CVE-2019-13749.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13749", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13750.json b/2019/13xxx/CVE-2019-13750.json index dc9b759193c..798defea29a 100644 --- a/2019/13xxx/CVE-2019-13750.json +++ b/2019/13xxx/CVE-2019-13750.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13750", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13751.json b/2019/13xxx/CVE-2019-13751.json index edd00762e89..82fd236a859 100644 --- a/2019/13xxx/CVE-2019-13751.json +++ b/2019/13xxx/CVE-2019-13751.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13751", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13752.json b/2019/13xxx/CVE-2019-13752.json index cac068e03eb..3364ae1208f 100644 --- a/2019/13xxx/CVE-2019-13752.json +++ b/2019/13xxx/CVE-2019-13752.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13752", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13753.json b/2019/13xxx/CVE-2019-13753.json index db7d31993ff..77b2607d135 100644 --- a/2019/13xxx/CVE-2019-13753.json +++ b/2019/13xxx/CVE-2019-13753.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13753", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13754.json b/2019/13xxx/CVE-2019-13754.json index e9b22b56227..9a701c5f3a1 100644 --- a/2019/13xxx/CVE-2019-13754.json +++ b/2019/13xxx/CVE-2019-13754.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13754", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13755.json b/2019/13xxx/CVE-2019-13755.json index d41bb69371e..ef85f99a421 100644 --- a/2019/13xxx/CVE-2019-13755.json +++ b/2019/13xxx/CVE-2019-13755.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13755", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13756.json b/2019/13xxx/CVE-2019-13756.json index 5dc723bc96e..011441782e2 100644 --- a/2019/13xxx/CVE-2019-13756.json +++ b/2019/13xxx/CVE-2019-13756.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13756", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13757.json b/2019/13xxx/CVE-2019-13757.json index c8fec6e6ba4..ecb74e2572a 100644 --- a/2019/13xxx/CVE-2019-13757.json +++ b/2019/13xxx/CVE-2019-13757.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13757", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13758.json b/2019/13xxx/CVE-2019-13758.json index 3ee5742bfcd..0316f8ac4e9 100644 --- a/2019/13xxx/CVE-2019-13758.json +++ b/2019/13xxx/CVE-2019-13758.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13758", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13759.json b/2019/13xxx/CVE-2019-13759.json index d049432dbd7..1a58a08957d 100644 --- a/2019/13xxx/CVE-2019-13759.json +++ b/2019/13xxx/CVE-2019-13759.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13759", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13761.json b/2019/13xxx/CVE-2019-13761.json index 2bf751c339e..30bf4376ae3 100644 --- a/2019/13xxx/CVE-2019-13761.json +++ b/2019/13xxx/CVE-2019-13761.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13761", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13762.json b/2019/13xxx/CVE-2019-13762.json index 71614f0e43e..2f992e43d7d 100644 --- a/2019/13xxx/CVE-2019-13762.json +++ b/2019/13xxx/CVE-2019-13762.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13762", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13763.json b/2019/13xxx/CVE-2019-13763.json index 753ee2b9807..915fae7c0f8 100644 --- a/2019/13xxx/CVE-2019-13763.json +++ b/2019/13xxx/CVE-2019-13763.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13763", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13764.json b/2019/13xxx/CVE-2019-13764.json index eb9239db2b7..bb5ea52468e 100644 --- a/2019/13xxx/CVE-2019-13764.json +++ b/2019/13xxx/CVE-2019-13764.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-13764", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -89,6 +89,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json index 1d32ec714e9..94bd392dc4b 100644 --- a/2019/13xxx/CVE-2019-13767.json +++ b/2019/13xxx/CVE-2019-13767.json @@ -79,6 +79,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html", "url": "http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2019/18xxx/CVE-2019-18609.json b/2019/18xxx/CVE-2019-18609.json index bdc43f733f2..f3ad58db51c 100644 --- a/2019/18xxx/CVE-2019-18609.json +++ b/2019/18xxx/CVE-2019-18609.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4214-2", "url": "https://usn.ubuntu.com/4214-2/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-07", + "url": "https://security.gentoo.org/glsa/202003-07" } ] } diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index 99f5cfa5798..7f95ad1b6a3 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -94,6 +94,11 @@ "refsource": "DEBIAN", "name": "DSA-4606", "url": "https://www.debian.org/security/2020/dsa-4606" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6378.json b/2020/6xxx/CVE-2020-6378.json index bdefebd8e98..0c4f9891c24 100644 --- a/2020/6xxx/CVE-2020-6378.json +++ b/2020/6xxx/CVE-2020-6378.json @@ -54,6 +54,11 @@ "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html", "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6379.json b/2020/6xxx/CVE-2020-6379.json index 593994553b3..b72ca1557b4 100644 --- a/2020/6xxx/CVE-2020-6379.json +++ b/2020/6xxx/CVE-2020-6379.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1033407", "refsource": "MISC", "name": "https://crbug.com/1033407" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6380.json b/2020/6xxx/CVE-2020-6380.json index 4f61baea18f..52711801569 100644 --- a/2020/6xxx/CVE-2020-6380.json +++ b/2020/6xxx/CVE-2020-6380.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1032170", "refsource": "MISC", "name": "https://crbug.com/1032170" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6381.json b/2020/6xxx/CVE-2020-6381.json index b6b0b1975f7..c907c22995b 100644 --- a/2020/6xxx/CVE-2020-6381.json +++ b/2020/6xxx/CVE-2020-6381.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6382.json b/2020/6xxx/CVE-2020-6382.json index bbae1851f39..8e2d4237919 100644 --- a/2020/6xxx/CVE-2020-6382.json +++ b/2020/6xxx/CVE-2020-6382.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6385.json b/2020/6xxx/CVE-2020-6385.json index 5d3fb3b7c3f..3a1e6c356ae 100644 --- a/2020/6xxx/CVE-2020-6385.json +++ b/2020/6xxx/CVE-2020-6385.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6387.json b/2020/6xxx/CVE-2020-6387.json index 889298f8b74..bf6cefc5301 100644 --- a/2020/6xxx/CVE-2020-6387.json +++ b/2020/6xxx/CVE-2020-6387.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6388.json b/2020/6xxx/CVE-2020-6388.json index ac409803b06..c82410b1090 100644 --- a/2020/6xxx/CVE-2020-6388.json +++ b/2020/6xxx/CVE-2020-6388.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6389.json b/2020/6xxx/CVE-2020-6389.json index 8512ff4cb77..d6605d0b240 100644 --- a/2020/6xxx/CVE-2020-6389.json +++ b/2020/6xxx/CVE-2020-6389.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6390.json b/2020/6xxx/CVE-2020-6390.json index ad84c4e9053..eb694f0140b 100644 --- a/2020/6xxx/CVE-2020-6390.json +++ b/2020/6xxx/CVE-2020-6390.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6391.json b/2020/6xxx/CVE-2020-6391.json index e0b5850cc38..9970e26d9e7 100644 --- a/2020/6xxx/CVE-2020-6391.json +++ b/2020/6xxx/CVE-2020-6391.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6392.json b/2020/6xxx/CVE-2020-6392.json index e0551e79516..d789c28400f 100644 --- a/2020/6xxx/CVE-2020-6392.json +++ b/2020/6xxx/CVE-2020-6392.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6393.json b/2020/6xxx/CVE-2020-6393.json index 48feed62997..fbb5dab693e 100644 --- a/2020/6xxx/CVE-2020-6393.json +++ b/2020/6xxx/CVE-2020-6393.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6394.json b/2020/6xxx/CVE-2020-6394.json index e4b3fe16e5f..0c97cfac3e1 100644 --- a/2020/6xxx/CVE-2020-6394.json +++ b/2020/6xxx/CVE-2020-6394.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6395.json b/2020/6xxx/CVE-2020-6395.json index 8d8951bb692..94750c62694 100644 --- a/2020/6xxx/CVE-2020-6395.json +++ b/2020/6xxx/CVE-2020-6395.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6396.json b/2020/6xxx/CVE-2020-6396.json index 5798a13e92c..0ba12c16ae2 100644 --- a/2020/6xxx/CVE-2020-6396.json +++ b/2020/6xxx/CVE-2020-6396.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6397.json b/2020/6xxx/CVE-2020-6397.json index a12f7d72c25..74298886801 100644 --- a/2020/6xxx/CVE-2020-6397.json +++ b/2020/6xxx/CVE-2020-6397.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6398.json b/2020/6xxx/CVE-2020-6398.json index abda2d25480..b182f488621 100644 --- a/2020/6xxx/CVE-2020-6398.json +++ b/2020/6xxx/CVE-2020-6398.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6399.json b/2020/6xxx/CVE-2020-6399.json index 5dc65138284..bf841b8f685 100644 --- a/2020/6xxx/CVE-2020-6399.json +++ b/2020/6xxx/CVE-2020-6399.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6400.json b/2020/6xxx/CVE-2020-6400.json index cdecb049b89..097514dd910 100644 --- a/2020/6xxx/CVE-2020-6400.json +++ b/2020/6xxx/CVE-2020-6400.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6401.json b/2020/6xxx/CVE-2020-6401.json index e37004bb8e1..27c010e885d 100644 --- a/2020/6xxx/CVE-2020-6401.json +++ b/2020/6xxx/CVE-2020-6401.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6402.json b/2020/6xxx/CVE-2020-6402.json index 228e7e8f0bd..c244a64d0f4 100644 --- a/2020/6xxx/CVE-2020-6402.json +++ b/2020/6xxx/CVE-2020-6402.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6403.json b/2020/6xxx/CVE-2020-6403.json index e2a17949914..84f961ada8f 100644 --- a/2020/6xxx/CVE-2020-6403.json +++ b/2020/6xxx/CVE-2020-6403.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6404.json b/2020/6xxx/CVE-2020-6404.json index 4737f08b809..cf9645b28d4 100644 --- a/2020/6xxx/CVE-2020-6404.json +++ b/2020/6xxx/CVE-2020-6404.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6406.json b/2020/6xxx/CVE-2020-6406.json index 7ad1fa20d44..7f9403b4153 100644 --- a/2020/6xxx/CVE-2020-6406.json +++ b/2020/6xxx/CVE-2020-6406.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6407.json b/2020/6xxx/CVE-2020-6407.json index 55c04fca9f4..2633ec93b0b 100644 --- a/2020/6xxx/CVE-2020-6407.json +++ b/2020/6xxx/CVE-2020-6407.json @@ -64,6 +64,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6408.json b/2020/6xxx/CVE-2020-6408.json index 086c114cc84..908b2286f26 100644 --- a/2020/6xxx/CVE-2020-6408.json +++ b/2020/6xxx/CVE-2020-6408.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6409.json b/2020/6xxx/CVE-2020-6409.json index ad870905570..f0820ed8312 100644 --- a/2020/6xxx/CVE-2020-6409.json +++ b/2020/6xxx/CVE-2020-6409.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6410.json b/2020/6xxx/CVE-2020-6410.json index f3bd3067246..cba0a013c27 100644 --- a/2020/6xxx/CVE-2020-6410.json +++ b/2020/6xxx/CVE-2020-6410.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6411.json b/2020/6xxx/CVE-2020-6411.json index ec828ca3f9e..210ef1061ac 100644 --- a/2020/6xxx/CVE-2020-6411.json +++ b/2020/6xxx/CVE-2020-6411.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6412.json b/2020/6xxx/CVE-2020-6412.json index b4c586b21d7..14ae477ab17 100644 --- a/2020/6xxx/CVE-2020-6412.json +++ b/2020/6xxx/CVE-2020-6412.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6413.json b/2020/6xxx/CVE-2020-6413.json index 7e78c79c1fa..ee472e3ff22 100644 --- a/2020/6xxx/CVE-2020-6413.json +++ b/2020/6xxx/CVE-2020-6413.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6414.json b/2020/6xxx/CVE-2020-6414.json index cfa9df14920..238b73c4461 100644 --- a/2020/6xxx/CVE-2020-6414.json +++ b/2020/6xxx/CVE-2020-6414.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6415.json b/2020/6xxx/CVE-2020-6415.json index fd7d0a066c4..5205bd60bd6 100644 --- a/2020/6xxx/CVE-2020-6415.json +++ b/2020/6xxx/CVE-2020-6415.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6416.json b/2020/6xxx/CVE-2020-6416.json index 4d15ef2d40e..4e6ef5da373 100644 --- a/2020/6xxx/CVE-2020-6416.json +++ b/2020/6xxx/CVE-2020-6416.json @@ -74,6 +74,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, diff --git a/2020/6xxx/CVE-2020-6418.json b/2020/6xxx/CVE-2020-6418.json index 51c3689aac4..6235b1215c6 100644 --- a/2020/6xxx/CVE-2020-6418.json +++ b/2020/6xxx/CVE-2020-6418.json @@ -69,6 +69,11 @@ "refsource": "DEBIAN", "name": "DSA-4638", "url": "https://www.debian.org/security/2020/dsa-4638" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-08", + "url": "https://security.gentoo.org/glsa/202003-08" } ] }, From 23cf4eddde135d23a368b8fec663cd70542544db Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 06:01:16 +0000 Subject: [PATCH 082/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10536.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10537.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10538.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10539.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10540.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10541.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10542.json | 18 ++++++++++ 7 files changed, 214 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10536.json create mode 100644 2020/10xxx/CVE-2020-10537.json create mode 100644 2020/10xxx/CVE-2020-10538.json create mode 100644 2020/10xxx/CVE-2020-10539.json create mode 100644 2020/10xxx/CVE-2020-10540.json create mode 100644 2020/10xxx/CVE-2020-10541.json create mode 100644 2020/10xxx/CVE-2020-10542.json diff --git a/2020/10xxx/CVE-2020-10536.json b/2020/10xxx/CVE-2020-10536.json new file mode 100644 index 00000000000..3eaa6679c22 --- /dev/null +++ b/2020/10xxx/CVE-2020-10536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10537.json b/2020/10xxx/CVE-2020-10537.json new file mode 100644 index 00000000000..42a9e0d87f0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10538.json b/2020/10xxx/CVE-2020-10538.json new file mode 100644 index 00000000000..7fb72c8305c --- /dev/null +++ b/2020/10xxx/CVE-2020-10538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10539.json b/2020/10xxx/CVE-2020-10539.json new file mode 100644 index 00000000000..d0bf8280c82 --- /dev/null +++ b/2020/10xxx/CVE-2020-10539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10540.json b/2020/10xxx/CVE-2020-10540.json new file mode 100644 index 00000000000..52edca946de --- /dev/null +++ b/2020/10xxx/CVE-2020-10540.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://help.untis.at/hc/de/articles/360008456699-WebUntis-Release-Notes", + "refsource": "MISC", + "name": "https://help.untis.at/hc/de/articles/360008456699-WebUntis-Release-Notes" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10541.json b/2020/10xxx/CVE-2020-10541.json new file mode 100644 index 00000000000..590010582bd --- /dev/null +++ b/2020/10xxx/CVE-2020-10541.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125108", + "refsource": "MISC", + "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125108" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10542.json b/2020/10xxx/CVE-2020-10542.json new file mode 100644 index 00000000000..d983628fc31 --- /dev/null +++ b/2020/10xxx/CVE-2020-10542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 21b353ce28cd11e149bfdfcdc29c113a58bc8b4e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 07:01:15 +0000 Subject: [PATCH 083/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10543.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10543.json diff --git a/2020/10xxx/CVE-2020-10543.json b/2020/10xxx/CVE-2020-10543.json new file mode 100644 index 00000000000..5d10ba90f4f --- /dev/null +++ b/2020/10xxx/CVE-2020-10543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2b7e4ed2769b8dad62e71eb58ccf43438c6c0e4b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 09:01:14 +0000 Subject: [PATCH 084/144] "-Synchronized-Data." --- 2015/9xxx/CVE-2015-9302.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2015/9xxx/CVE-2015-9302.json b/2015/9xxx/CVE-2015-9302.json index 98fc30b941c..5d94afceb97 100644 --- a/2015/9xxx/CVE-2015-9302.json +++ b/2015/9xxx/CVE-2015-9302.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8342", + "url": "https://wpvulndb.com/vulnerabilities/8342" + }, { "url": "https://wordpress.org/plugins/simple-fields/#developers", "refsource": "MISC", From 7527baa406fa15884bff69356793f3a87a676dd0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 10:01:13 +0000 Subject: [PATCH 085/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++++ 2019/20xxx/CVE-2019-20422.json | 5 +++++ 2019/3xxx/CVE-2019-3016.json | 5 +++++ 2020/8xxx/CVE-2020-8428.json | 5 +++++ 2020/8xxx/CVE-2020-8441.json | 5 +++++ 2020/8xxx/CVE-2020-8597.json | 5 +++++ 2020/8xxx/CVE-2020-8992.json | 5 +++++ 2020/9xxx/CVE-2020-9327.json | 5 +++++ 2020/9xxx/CVE-2020-9383.json | 5 +++++ 2020/9xxx/CVE-2020-9391.json | 5 +++++ 10 files changed, 50 insertions(+) diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 0402b8aee67..09a514572c3 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -118,6 +118,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/20xxx/CVE-2019-20422.json b/2019/20xxx/CVE-2019-20422.json index 9f442ac0a2c..912eaddf732 100644 --- a/2019/20xxx/CVE-2019-20422.json +++ b/2019/20xxx/CVE-2019-20422.json @@ -61,6 +61,11 @@ "url": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa", "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] } diff --git a/2019/3xxx/CVE-2019-3016.json b/2019/3xxx/CVE-2019-3016.json index 67fcfc305a5..32f042a7992 100644 --- a/2019/3xxx/CVE-2019-3016.json +++ b/2019/3xxx/CVE-2019-3016.json @@ -91,6 +91,11 @@ "url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e", "name": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e", "refsource": "CONFIRM" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] }, diff --git a/2020/8xxx/CVE-2020-8428.json b/2020/8xxx/CVE-2020-8428.json index 0d6af17910b..528c5f628b7 100644 --- a/2020/8xxx/CVE-2020-8428.json +++ b/2020/8xxx/CVE-2020-8428.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)", "url": "http://www.openwall.com/lists/oss-security/2020/02/02/1" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] }, diff --git a/2020/8xxx/CVE-2020-8441.json b/2020/8xxx/CVE-2020-8441.json index 5fbab62692f..d5aaca3b94b 100644 --- a/2020/8xxx/CVE-2020-8441.json +++ b/2020/8xxx/CVE-2020-8441.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a", "url": "https://gist.github.com/j0lt-github/f5141abcacae63d434ecae211422153a" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0001/" } ] } diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json index 64af270384d..13851cf0c9b 100644 --- a/2020/8xxx/CVE-2020-8597.json +++ b/2020/8xxx/CVE-2020-8597.json @@ -126,6 +126,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-4304397fe0", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOFDAIOWSWPG732ASYUZNINMXDHY4APE/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0004/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0004/" } ] } diff --git a/2020/8xxx/CVE-2020-8992.json b/2020/8xxx/CVE-2020-8992.json index 6b6c226b32d..48109795372 100644 --- a/2020/8xxx/CVE-2020-8992.json +++ b/2020/8xxx/CVE-2020-8992.json @@ -56,6 +56,11 @@ "url": "https://patchwork.ozlabs.org/patch/1236118/", "refsource": "MISC", "name": "https://patchwork.ozlabs.org/patch/1236118/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] } diff --git a/2020/9xxx/CVE-2020-9327.json b/2020/9xxx/CVE-2020-9327.json index 83a53f42c78..b7d62e4f1e9 100644 --- a/2020/9xxx/CVE-2020-9327.json +++ b/2020/9xxx/CVE-2020-9327.json @@ -66,6 +66,11 @@ "url": "https://www.sqlite.org/cgi/src/info/4374860b29383380", "refsource": "MISC", "name": "https://www.sqlite.org/cgi/src/info/4374860b29383380" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0002/" } ] } diff --git a/2020/9xxx/CVE-2020-9383.json b/2020/9xxx/CVE-2020-9383.json index 18673719555..ed78da050c4 100644 --- a/2020/9xxx/CVE-2020-9383.json +++ b/2020/9xxx/CVE-2020-9383.json @@ -56,6 +56,11 @@ "url": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3", "refsource": "MISC", "name": "https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] } diff --git a/2020/9xxx/CVE-2020-9391.json b/2020/9xxx/CVE-2020-9391.json index 411d69f3d11..6832dcd25b3 100644 --- a/2020/9xxx/CVE-2020-9391.json +++ b/2020/9xxx/CVE-2020-9391.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-3cd64d683c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O4LH35HOPBJIKYHYFXMBBM75DN75PZHZ/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" } ] } From a2f1b449e285692e8ba3f1071b6b754d68e04a6d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 12:01:25 +0000 Subject: [PATCH 086/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12402.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 09a514572c3..fd206c7b39e 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -123,6 +123,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488@%3Cissues.flink.apache.org%3E" } ] }, From 5d20cf9f4540fe21d5f2c4eac802e4b924eee8c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 13:01:21 +0000 Subject: [PATCH 087/144] "-Synchronized-Data." --- 2020/8xxx/CVE-2020-8608.json | 5 +++++ 2020/8xxx/CVE-2020-8840.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2020/8xxx/CVE-2020-8608.json b/2020/8xxx/CVE-2020-8608.json index 9fe193623e8..54e60959fa4 100644 --- a/2020/8xxx/CVE-2020-8608.json +++ b/2020/8xxx/CVE-2020-8608.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4283-1", "url": "https://usn.ubuntu.com/4283-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200313 [SECURITY] [DLA 2142-1] slirp security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html" } ] } diff --git a/2020/8xxx/CVE-2020-8840.json b/2020/8xxx/CVE-2020-8840.json index b02794f93f6..72b4ce86ace 100644 --- a/2020/8xxx/CVE-2020-8840.json +++ b/2020/8xxx/CVE-2020-8840.json @@ -151,6 +151,11 @@ "refsource": "MLIST", "name": "[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1", "url": "https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E" } ] } From 4ada8eb3f48a9d2bfb058a0841c143a5ee0e3e88 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 14:01:18 +0000 Subject: [PATCH 088/144] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14615.json | 5 +++++ 2019/14xxx/CVE-2019-14896.json | 5 +++++ 2019/14xxx/CVE-2019-14897.json | 5 +++++ 2019/16xxx/CVE-2019-16746.json | 5 +++++ 2019/16xxx/CVE-2019-16994.json | 5 +++++ 2019/18xxx/CVE-2019-18808.json | 5 +++++ 2019/19xxx/CVE-2019-19036.json | 5 +++++ 2019/19xxx/CVE-2019-19045.json | 5 +++++ 2019/19xxx/CVE-2019-19051.json | 5 +++++ 2019/19xxx/CVE-2019-19054.json | 5 +++++ 2019/19xxx/CVE-2019-19066.json | 5 +++++ 2019/19xxx/CVE-2019-19318.json | 5 +++++ 2019/19xxx/CVE-2019-19319.json | 5 +++++ 2019/19xxx/CVE-2019-19332.json | 5 +++++ 2019/19xxx/CVE-2019-19447.json | 5 +++++ 2019/19xxx/CVE-2019-19523.json | 5 +++++ 2019/19xxx/CVE-2019-19526.json | 5 +++++ 2019/19xxx/CVE-2019-19527.json | 5 +++++ 2019/19xxx/CVE-2019-19532.json | 5 +++++ 2019/19xxx/CVE-2019-19533.json | 5 +++++ 2019/19xxx/CVE-2019-19535.json | 5 +++++ 2019/19xxx/CVE-2019-19537.json | 5 +++++ 2019/19xxx/CVE-2019-19767.json | 5 +++++ 2019/19xxx/CVE-2019-19927.json | 5 +++++ 2019/19xxx/CVE-2019-19965.json | 5 +++++ 2019/19xxx/CVE-2019-19966.json | 5 +++++ 2019/20xxx/CVE-2019-20054.json | 5 +++++ 2019/20xxx/CVE-2019-20095.json | 5 +++++ 2019/20xxx/CVE-2019-20096.json | 5 +++++ 2020/10xxx/CVE-2020-10531.json | 5 +++++ 2020/7xxx/CVE-2020-7053.json | 5 +++++ 2020/8xxx/CVE-2020-8428.json | 5 +++++ 2020/8xxx/CVE-2020-8648.json | 5 +++++ 2020/8xxx/CVE-2020-8992.json | 5 +++++ 2020/9xxx/CVE-2020-9386.json | 4 ++-- 35 files changed, 172 insertions(+), 2 deletions(-) diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json index 20c1984ab8c..ffac6a6985c 100644 --- a/2019/14xxx/CVE-2019-14615.json +++ b/2019/14xxx/CVE-2019-14615.json @@ -123,6 +123,11 @@ "refsource": "UBUNTU", "name": "USN-4286-1", "url": "https://usn.ubuntu.com/4286-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json index f51b7529f51..d0f902b292b 100644 --- a/2019/14xxx/CVE-2019-14896.json +++ b/2019/14xxx/CVE-2019-14896.json @@ -118,6 +118,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json index d2b47d137cf..ce8958a7b34 100644 --- a/2019/14xxx/CVE-2019-14897.json +++ b/2019/14xxx/CVE-2019-14897.json @@ -113,6 +113,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16746.json b/2019/16xxx/CVE-2019-16746.json index 7b5558ad54c..9ce81b96bd8 100644 --- a/2019/16xxx/CVE-2019-16746.json +++ b/2019/16xxx/CVE-2019-16746.json @@ -106,6 +106,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/16xxx/CVE-2019-16994.json b/2019/16xxx/CVE-2019-16994.json index 3ae4595c19f..e499e3d41b2 100644 --- a/2019/16xxx/CVE-2019-16994.json +++ b/2019/16xxx/CVE-2019-16994.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191031-0005/", "url": "https://security.netapp.com/advisory/ntap-20191031-0005/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/18xxx/CVE-2019-18808.json b/2019/18xxx/CVE-2019-18808.json index 97fbc80a440..42e9fb0b175 100644 --- a/2019/18xxx/CVE-2019-18808.json +++ b/2019/18xxx/CVE-2019-18808.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-124a241044", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19036.json b/2019/19xxx/CVE-2019-19036.json index 94b714bb8d6..e6357801bcf 100644 --- a/2019/19xxx/CVE-2019-19036.json +++ b/2019/19xxx/CVE-2019-19036.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19045.json b/2019/19xxx/CVE-2019-19045.json index ab7e9771cdf..bbe281818c4 100644 --- a/2019/19xxx/CVE-2019-19045.json +++ b/2019/19xxx/CVE-2019-19045.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4225-2", "url": "https://usn.ubuntu.com/4225-2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json index ed6beb7caab..20460474f7b 100644 --- a/2019/19xxx/CVE-2019-19051.json +++ b/2019/19xxx/CVE-2019-19051.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4286-1", "url": "https://usn.ubuntu.com/4286-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19054.json b/2019/19xxx/CVE-2019-19054.json index 0af15b45030..b6caf5f3c55 100644 --- a/2019/19xxx/CVE-2019-19054.json +++ b/2019/19xxx/CVE-2019-19054.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19066.json b/2019/19xxx/CVE-2019-19066.json index 6cbc62ecf4a..c775df08607 100644 --- a/2019/19xxx/CVE-2019-19066.json +++ b/2019/19xxx/CVE-2019-19066.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4286-1", "url": "https://usn.ubuntu.com/4286-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19318.json b/2019/19xxx/CVE-2019-19318.json index 163fa4e1a1d..d3f32e58ce0 100644 --- a/2019/19xxx/CVE-2019-19318.json +++ b/2019/19xxx/CVE-2019-19318.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19319.json b/2019/19xxx/CVE-2019-19319.json index 86da357a229..500a02cf484 100644 --- a/2019/19xxx/CVE-2019-19319.json +++ b/2019/19xxx/CVE-2019-19319.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19332.json b/2019/19xxx/CVE-2019-19332.json index e519b11d34b..7c323bb7682 100644 --- a/2019/19xxx/CVE-2019-19332.json +++ b/2019/19xxx/CVE-2019-19332.json @@ -108,6 +108,11 @@ "refsource": "UBUNTU", "name": "USN-4284-1", "url": "https://usn.ubuntu.com/4284-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19447.json b/2019/19xxx/CVE-2019-19447.json index 508c9a70c50..8ac91e800ed 100644 --- a/2019/19xxx/CVE-2019-19447.json +++ b/2019/19xxx/CVE-2019-19447.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19523.json b/2019/19xxx/CVE-2019-19523.json index 9a8e22ff891..1c857e88a58 100644 --- a/2019/19xxx/CVE-2019-19523.json +++ b/2019/19xxx/CVE-2019-19523.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19526.json b/2019/19xxx/CVE-2019-19526.json index c7663cc0773..8d96911efd6 100644 --- a/2019/19xxx/CVE-2019-19526.json +++ b/2019/19xxx/CVE-2019-19526.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4226-1", "url": "https://usn.ubuntu.com/4226-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19527.json b/2019/19xxx/CVE-2019-19527.json index bc53b199cb3..360a88ea596 100644 --- a/2019/19xxx/CVE-2019-19527.json +++ b/2019/19xxx/CVE-2019-19527.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19532.json b/2019/19xxx/CVE-2019-19532.json index f0831f09806..f57b9e5be08 100644 --- a/2019/19xxx/CVE-2019-19532.json +++ b/2019/19xxx/CVE-2019-19532.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19533.json b/2019/19xxx/CVE-2019-19533.json index 0831a0b4758..e6d6540cbd8 100644 --- a/2019/19xxx/CVE-2019-19533.json +++ b/2019/19xxx/CVE-2019-19533.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19535.json b/2019/19xxx/CVE-2019-19535.json index 6c3fce6fe3c..baf89969e74 100644 --- a/2019/19xxx/CVE-2019-19535.json +++ b/2019/19xxx/CVE-2019-19535.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19537.json b/2019/19xxx/CVE-2019-19537.json index 75075d0c150..34429ba14fc 100644 --- a/2019/19xxx/CVE-2019-19537.json +++ b/2019/19xxx/CVE-2019-19537.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19767.json b/2019/19xxx/CVE-2019-19767.json index d3a7e901585..9ac13a23e77 100644 --- a/2019/19xxx/CVE-2019-19767.json +++ b/2019/19xxx/CVE-2019-19767.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4284-1", "url": "https://usn.ubuntu.com/4284-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19927.json b/2019/19xxx/CVE-2019-19927.json index 90a9501b409..7b88906e607 100644 --- a/2019/19xxx/CVE-2019-19927.json +++ b/2019/19xxx/CVE-2019-19927.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json index ff4aea951ca..05af0cf8d6f 100644 --- a/2019/19xxx/CVE-2019-19965.json +++ b/2019/19xxx/CVE-2019-19965.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4286-1", "url": "https://usn.ubuntu.com/4286-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/19xxx/CVE-2019-19966.json b/2019/19xxx/CVE-2019-19966.json index ecbbbeb15b8..e6179b6139a 100644 --- a/2019/19xxx/CVE-2019-19966.json +++ b/2019/19xxx/CVE-2019-19966.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/20xxx/CVE-2019-20054.json b/2019/20xxx/CVE-2019-20054.json index 8ac2bd30f27..9d4cebdc3cd 100644 --- a/2019/20xxx/CVE-2019-20054.json +++ b/2019/20xxx/CVE-2019-20054.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/20xxx/CVE-2019-20095.json b/2019/20xxx/CVE-2019-20095.json index b6c96ce954b..b6137d5b9a9 100644 --- a/2019/20xxx/CVE-2019-20095.json +++ b/2019/20xxx/CVE-2019-20095.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200204-0002/", "url": "https://security.netapp.com/advisory/ntap-20200204-0002/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2019/20xxx/CVE-2019-20096.json b/2019/20xxx/CVE-2019-20096.json index 98751c06e91..00c4cb76c0f 100644 --- a/2019/20xxx/CVE-2019-20096.json +++ b/2019/20xxx/CVE-2019-20096.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4286-1", "url": "https://usn.ubuntu.com/4286-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2020/10xxx/CVE-2020-10531.json b/2020/10xxx/CVE-2020-10531.json index 96544378768..ce30319fe8a 100644 --- a/2020/10xxx/CVE-2020-10531.json +++ b/2020/10xxx/CVE-2020-10531.json @@ -57,6 +57,11 @@ "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html" }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0738", + "url": "https://access.redhat.com/errata/RHSA-2020:0738" + }, { "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1044570", "refsource": "MISC", diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json index 81799357cfb..d5c20ecafb7 100644 --- a/2020/7xxx/CVE-2020-7053.json +++ b/2020/7xxx/CVE-2020-7053.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4287-2", "url": "https://usn.ubuntu.com/4287-2/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2020/8xxx/CVE-2020-8428.json b/2020/8xxx/CVE-2020-8428.json index 528c5f628b7..0ba7d6f54d1 100644 --- a/2020/8xxx/CVE-2020-8428.json +++ b/2020/8xxx/CVE-2020-8428.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] }, diff --git a/2020/8xxx/CVE-2020-8648.json b/2020/8xxx/CVE-2020-8648.json index 703dfb5132d..356fe02874b 100644 --- a/2020/8xxx/CVE-2020-8648.json +++ b/2020/8xxx/CVE-2020-8648.json @@ -56,6 +56,11 @@ "url": "https://bugzilla.kernel.org/show_bug.cgi?id=206361", "refsource": "MISC", "name": "https://bugzilla.kernel.org/show_bug.cgi?id=206361" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2020/8xxx/CVE-2020-8992.json b/2020/8xxx/CVE-2020-8992.json index 48109795372..0dd09e8e42d 100644 --- a/2020/8xxx/CVE-2020-8992.json +++ b/2020/8xxx/CVE-2020-8992.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200313-0003/", "url": "https://security.netapp.com/advisory/ntap-20200313-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0336", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" } ] } diff --git a/2020/9xxx/CVE-2020-9386.json b/2020/9xxx/CVE-2020-9386.json index e5750605aa8..e9676dde965 100644 --- a/2020/9xxx/CVE-2020-9386.json +++ b/2020/9xxx/CVE-2020-9386.json @@ -53,9 +53,9 @@ "references": { "reference_data": [ { - "url": "https://bugs.launchpad.net/mahara/+bug/1836984", "refsource": "MISC", - "name": "https://bugs.launchpad.net/mahara/+bug/1836984" + "name": "https://bugs.launchpad.net/mahara/+bug/1840201", + "url": "https://bugs.launchpad.net/mahara/+bug/1840201" }, { "refsource": "CONFIRM", From 3eda80abf06cfe62db42aa855ac1d28bffc34051 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 15:01:15 +0000 Subject: [PATCH 089/144] "-Synchronized-Data." --- 2009/5xxx/CVE-2009-5159.json | 77 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10544.json | 62 +++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10545.json | 18 ++++++++ 2020/1xxx/CVE-2020-1953.json | 62 +++++++++++++++++++++++++-- 4 files changed, 216 insertions(+), 3 deletions(-) create mode 100644 2009/5xxx/CVE-2009-5159.json create mode 100644 2020/10xxx/CVE-2020-10544.json create mode 100644 2020/10xxx/CVE-2020-10545.json diff --git a/2009/5xxx/CVE-2009-5159.json b/2009/5xxx/CVE-2009-5159.json new file mode 100644 index 00000000000..cd49e410d43 --- /dev/null +++ b/2009/5xxx/CVE-2009-5159.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.securityfocus.com/bid/37263/info", + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/37263/info" + }, + { + "url": "https://www.exploit-db.com/exploits/33394", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/33394" + }, + { + "url": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html" + }, + { + "url": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/", + "refsource": "MISC", + "name": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10544.json b/2020/10xxx/CVE-2020-10544.json new file mode 100644 index 00000000000..37b5fd41e5b --- /dev/null +++ b/2020/10xxx/CVE-2020-10544.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/primefaces/primefaces/issues/5642", + "refsource": "MISC", + "name": "https://github.com/primefaces/primefaces/issues/5642" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10545.json b/2020/10xxx/CVE-2020-10545.json new file mode 100644 index 00000000000..c46dd942021 --- /dev/null +++ b/2020/10xxx/CVE-2020-10545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1953.json b/2020/1xxx/CVE-2020-1953.json index 0c2168ddb07..076a4570176 100644 --- a/2020/1xxx/CVE-2020-1953.json +++ b/2020/1xxx/CVE-2020-1953.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache Commons Configuration", + "version": { + "version_data": [ + { + "version_value": "2.2" + }, + { + "version_value": "2.3" + }, + { + "version_value": "2.4" + }, + { + "version_value": "2.5" + }, + { + "version_value": "2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E", + "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application." } ] } From bc7c6fa93187696d1ec7b52fbb1f1ade32ad707f Mon Sep 17 00:00:00 2001 From: lenpsirt Date: Fri, 13 Mar 2020 11:36:36 -0400 Subject: [PATCH 090/144] Update CVE-2019-19756.json populated CVE-2019-19756 details. --- 2019/19xxx/CVE-2019-19756.json | 89 +++++++++++++++++++++++++++++++--- 1 file changed, 82 insertions(+), 7 deletions(-) diff --git a/2019/19xxx/CVE-2019-19756.json b/2019/19xxx/CVE-2019-19756.json index 1275e4a7a29..114ea6398a5 100644 --- a/2019/19xxx/CVE-2019-19756.json +++ b/2019/19xxx/CVE-2019-19756.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2020-03-13T16:00:00.000Z", "ID": "CVE-2019-19756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XClarity Administrator (LXCA)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.6.12" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Information Exposure Through Log Files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-29942", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-29942" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update your LXCA installation to version 2.6.12 or later. Installation note: You will need to update to LXCA 2.6.0 before installing the latest fix bundle (v 2.6.12)." + } + ], + "source": { + "advisory": "LEN-29942", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 2f6e8e44ab3c57701d8843b2a35d05b46f4117d5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 16:01:24 +0000 Subject: [PATCH 091/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10195.json | 5 +++ 2019/14xxx/CVE-2019-14867.json | 5 +++ 2019/16xxx/CVE-2019-16157.json | 62 ++++++++++++++++++++++++++++++++++ 2019/6xxx/CVE-2019-6699.json | 58 +++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10195.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10196.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10546.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10547.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10548.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10549.json | 18 ++++++++++ 2020/8xxx/CVE-2020-8571.json | 50 +++++++++++++++++++++++++-- 11 files changed, 352 insertions(+), 22 deletions(-) create mode 100644 2019/16xxx/CVE-2019-16157.json create mode 100644 2020/10xxx/CVE-2020-10546.json create mode 100644 2020/10xxx/CVE-2020-10547.json create mode 100644 2020/10xxx/CVE-2020-10548.json create mode 100644 2020/10xxx/CVE-2020-10549.json diff --git a/2019/10xxx/CVE-2019-10195.json b/2019/10xxx/CVE-2019-10195.json index c44ca060aab..10c16c78ade 100644 --- a/2019/10xxx/CVE-2019-10195.json +++ b/2019/10xxx/CVE-2019-10195.json @@ -92,6 +92,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0378", "url": "https://access.redhat.com/errata/RHSA-2020:0378" + }, + { + "refsource": "REDHAT", + "name": "RHBA-2019:4268", + "url": "https://access.redhat.com/errata/RHBA-2019:4268" } ] }, diff --git a/2019/14xxx/CVE-2019-14867.json b/2019/14xxx/CVE-2019-14867.json index c7dc5b4f30a..b814752b17c 100644 --- a/2019/14xxx/CVE-2019-14867.json +++ b/2019/14xxx/CVE-2019-14867.json @@ -92,6 +92,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0378", "url": "https://access.redhat.com/errata/RHSA-2020:0378" + }, + { + "refsource": "REDHAT", + "name": "RHBA-2019:4268", + "url": "https://access.redhat.com/errata/RHBA-2019:4268" } ] }, diff --git a/2019/16xxx/CVE-2019-16157.json b/2019/16xxx/CVE-2019-16157.json new file mode 100644 index 00000000000..76ef69c6b2d --- /dev/null +++ b/2019/16xxx/CVE-2019-16157.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16157", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWeb", + "version": { + "version_data": [ + { + "version_value": "6.2.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-269", + "url": "https://fortiguard.com/advisory/FG-IR-19-269" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6699.json b/2019/6xxx/CVE-2019-6699.json index eedb395cc47..56ef6c08741 100644 --- a/2019/6xxx/CVE-2019-6699.json +++ b/2019/6xxx/CVE-2019-6699.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6699", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6699", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiADC", + "version": { + "version_data": [ + { + "version_value": "5.3.3 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-220", + "url": "https://fortiguard.com/advisory/FG-IR-19-220" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface." } ] } diff --git a/2020/10xxx/CVE-2020-10195.json b/2020/10xxx/CVE-2020-10195.json index 7cd981f825c..c9dac0ef532 100644 --- a/2020/10xxx/CVE-2020-10195.json +++ b/2020/10xxx/CVE-2020-10195.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10195", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10195", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10127", + "url": "https://wpvulndb.com/vulnerabilities/10127" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/", + "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/" } ] } diff --git a/2020/10xxx/CVE-2020-10196.json b/2020/10xxx/CVE-2020-10196.json index 55103aac621..1d222de2405 100644 --- a/2020/10xxx/CVE-2020-10196.json +++ b/2020/10xxx/CVE-2020-10196.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10196", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10196", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10127", + "url": "https://wpvulndb.com/vulnerabilities/10127" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/", + "url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/" } ] } diff --git a/2020/10xxx/CVE-2020-10546.json b/2020/10xxx/CVE-2020-10546.json new file mode 100644 index 00000000000..7402225e343 --- /dev/null +++ b/2020/10xxx/CVE-2020-10546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10547.json b/2020/10xxx/CVE-2020-10547.json new file mode 100644 index 00000000000..97f759a51df --- /dev/null +++ b/2020/10xxx/CVE-2020-10547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10548.json b/2020/10xxx/CVE-2020-10548.json new file mode 100644 index 00000000000..3ddd27c639f --- /dev/null +++ b/2020/10xxx/CVE-2020-10548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10549.json b/2020/10xxx/CVE-2020-10549.json new file mode 100644 index 00000000000..efd0271f279 --- /dev/null +++ b/2020/10xxx/CVE-2020-10549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8571.json b/2020/8xxx/CVE-2020-8571.json index 6923b9ddf79..de1d98ff0d3 100644 --- a/2020/8xxx/CVE-2020-8571.json +++ b/2020/8xxx/CVE-2020-8571.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetApp", + "product": { + "product_data": [ + { + "product_name": "StorageGRID (formerly StorageGRID Webscale)", + "version": { + "version_data": [ + { + "version_value": "Versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200313-0005/", + "url": "https://security.netapp.com/advisory/ntap-20200313-0005/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS)." } ] } From 5259881e3eb313f78139cffa8a6f61536ed52da2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 17:01:09 +0000 Subject: [PATCH 092/144] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12182.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12183.json | 5 +++ 2019/19xxx/CVE-2019-19799.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10078.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10079.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10080.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10081.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10082.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10083.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10084.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10085.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10086.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10087.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10088.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10089.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10090.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10091.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10092.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10218.json | 61 ++++++++++++++++++++++++++--- 19 files changed, 1005 insertions(+), 108 deletions(-) diff --git a/2019/12xxx/CVE-2019-12182.json b/2019/12xxx/CVE-2019-12182.json index 87369eb19a7..0c09bea1e7f 100644 --- a/2019/12xxx/CVE-2019-12182.json +++ b/2019/12xxx/CVE-2019-12182.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12182", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12182", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://safescan.com/", + "refsource": "MISC", + "name": "https://safescan.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/ProCheckUp/SafeScan", + "url": "https://github.com/ProCheckUp/SafeScan" + }, + { + "refsource": "MISC", + "name": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/", + "url": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/" + }, + { + "refsource": "MISC", + "name": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14", + "url": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14" } ] } diff --git a/2019/12xxx/CVE-2019-12183.json b/2019/12xxx/CVE-2019-12183.json index a1e8432d90d..917036a7f08 100644 --- a/2019/12xxx/CVE-2019-12183.json +++ b/2019/12xxx/CVE-2019-12183.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/", "url": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/" + }, + { + "refsource": "MISC", + "name": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14", + "url": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14" } ] } diff --git a/2019/19xxx/CVE-2019-19799.json b/2019/19xxx/CVE-2019-19799.json index cca611ceb0b..d87cf81fa27 100644 --- a/2019/19xxx/CVE-2019-19799.json +++ b/2019/19xxx/CVE-2019-19799.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19799", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19799", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine Applications Manager 14590 and before allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com", + "refsource": "MISC", + "name": "https://www.manageengine.com" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/eLeN3Re/cve-2019-19799", + "url": "https://gitlab.com/eLeN3Re/cve-2019-19799" } ] } diff --git a/2020/10xxx/CVE-2020-10078.json b/2020/10xxx/CVE-2020-10078.json index 6369412b2cc..755c3e55b69 100644 --- a/2020/10xxx/CVE-2020-10078.json +++ b/2020/10xxx/CVE-2020-10078.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10078", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10079.json b/2020/10xxx/CVE-2020-10079.json index 359eefa8070..0feae78bda6 100644 --- a/2020/10xxx/CVE-2020-10079.json +++ b/2020/10xxx/CVE-2020-10079.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10079", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10080.json b/2020/10xxx/CVE-2020-10080.json index 39332d8d0a2..5c4c52a031e 100644 --- a/2020/10xxx/CVE-2020-10080.json +++ b/2020/10xxx/CVE-2020-10080.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10080", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10080", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10081.json b/2020/10xxx/CVE-2020-10081.json index 2062799518e..25e98fdd8a8 100644 --- a/2020/10xxx/CVE-2020-10081.json +++ b/2020/10xxx/CVE-2020-10081.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10081", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10082.json b/2020/10xxx/CVE-2020-10082.json index 6365981dea2..da9f7d4151d 100644 --- a/2020/10xxx/CVE-2020-10082.json +++ b/2020/10xxx/CVE-2020-10082.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10082", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10082", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10083.json b/2020/10xxx/CVE-2020-10083.json index cddf6397080..46534520647 100644 --- a/2020/10xxx/CVE-2020-10083.json +++ b/2020/10xxx/CVE-2020-10083.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10083", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10083", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10084.json b/2020/10xxx/CVE-2020-10084.json index 932b3bd4a65..c74d2a930df 100644 --- a/2020/10xxx/CVE-2020-10084.json +++ b/2020/10xxx/CVE-2020-10084.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10084", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10084", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10085.json b/2020/10xxx/CVE-2020-10085.json index 37dd1399857..f3c538f4877 100644 --- a/2020/10xxx/CVE-2020-10085.json +++ b/2020/10xxx/CVE-2020-10085.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10085", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10085", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10086.json b/2020/10xxx/CVE-2020-10086.json index 067becac269..6b43a82e13f 100644 --- a/2020/10xxx/CVE-2020-10086.json +++ b/2020/10xxx/CVE-2020-10086.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10086", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10087.json b/2020/10xxx/CVE-2020-10087.json index 1fd91469761..60bd84ad496 100644 --- a/2020/10xxx/CVE-2020-10087.json +++ b/2020/10xxx/CVE-2020-10087.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10087", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10087", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10088.json b/2020/10xxx/CVE-2020-10088.json index f8382909ad0..d4d8fd14bd3 100644 --- a/2020/10xxx/CVE-2020-10088.json +++ b/2020/10xxx/CVE-2020-10088.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10088", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10089.json b/2020/10xxx/CVE-2020-10089.json index e7acc9a60a6..90225af146e 100644 --- a/2020/10xxx/CVE-2020-10089.json +++ b/2020/10xxx/CVE-2020-10089.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10089", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10089", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10090.json b/2020/10xxx/CVE-2020-10090.json index bd1749ac285..48680e39eaa 100644 --- a/2020/10xxx/CVE-2020-10090.json +++ b/2020/10xxx/CVE-2020-10090.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10090", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10090", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10091.json b/2020/10xxx/CVE-2020-10091.json index 5f2aa15b571..84285d5ff52 100644 --- a/2020/10xxx/CVE-2020-10091.json +++ b/2020/10xxx/CVE-2020-10091.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10091", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10092.json b/2020/10xxx/CVE-2020-10092.json index e7bca13411b..8811a26c307 100644 --- a/2020/10xxx/CVE-2020-10092.json +++ b/2020/10xxx/CVE-2020-10092.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10092", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10092", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10218.json b/2020/10xxx/CVE-2020-10218.json index 3dc12fce3c7..b3871be508d 100644 --- a/2020/10xxx/CVE-2020-10218.json +++ b/2020/10xxx/CVE-2020-10218.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10218", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10218", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sapplica/sentrifugo/commits/master", + "refsource": "MISC", + "name": "https://github.com/sapplica/sentrifugo/commits/master" + }, + { + "refsource": "EXPLOIT-DB", + "name": "Exploit Database", + "url": "https://www.exploit-db.com/exploits/48179" } ] } From a228e046c1555dfcfb9a894c5f48f3f09f5754f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 18:01:11 +0000 Subject: [PATCH 093/144] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14701.json | 5 +++ 2018/14xxx/CVE-2018-14709.json | 5 +++ 2019/12xxx/CVE-2019-12402.json | 5 +++ 2019/13xxx/CVE-2019-13203.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13204.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13205.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13206.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13393.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13394.json | 62 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13395.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10073.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10074.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10075.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10076.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10077.json | 61 +++++++++++++++++++++++++++++---- 2020/10xxx/CVE-2020-10090.json | 2 +- 2020/10xxx/CVE-2020-10091.json | 2 +- 2020/10xxx/CVE-2020-10092.json | 2 +- 2020/10xxx/CVE-2020-10550.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10551.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10552.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10553.json | 18 ++++++++++ 2020/10xxx/CVE-2020-10554.json | 18 ++++++++++ 2020/1xxx/CVE-2020-1953.json | 5 +++ 24 files changed, 822 insertions(+), 33 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13203.json create mode 100644 2019/13xxx/CVE-2019-13204.json create mode 100644 2019/13xxx/CVE-2019-13205.json create mode 100644 2019/13xxx/CVE-2019-13206.json create mode 100644 2019/13xxx/CVE-2019-13393.json create mode 100644 2019/13xxx/CVE-2019-13394.json create mode 100644 2019/13xxx/CVE-2019-13395.json create mode 100644 2020/10xxx/CVE-2020-10550.json create mode 100644 2020/10xxx/CVE-2020-10551.json create mode 100644 2020/10xxx/CVE-2020-10552.json create mode 100644 2020/10xxx/CVE-2020-10553.json create mode 100644 2020/10xxx/CVE-2020-10554.json diff --git a/2018/14xxx/CVE-2018-14701.json b/2018/14xxx/CVE-2018-14701.json index 9c2ec401cac..ed598015c20 100644 --- a/2018/14xxx/CVE-2018-14701.json +++ b/2018/14xxx/CVE-2018-14701.json @@ -56,6 +56,11 @@ "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", "refsource": "MISC", "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html" } ] } diff --git a/2018/14xxx/CVE-2018-14709.json b/2018/14xxx/CVE-2018-14709.json index 96ca4055314..378871ac110 100644 --- a/2018/14xxx/CVE-2018-14709.json +++ b/2018/14xxx/CVE-2018-14709.json @@ -56,6 +56,11 @@ "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", "refsource": "MISC", "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/156710/Drobo-5N2-4.1.1-Remote-Command-Injection.html" } ] } diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index fd206c7b39e..94ed085ab71 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -128,6 +128,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", "url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0@%3Cissues.flink.apache.org%3E" } ] }, diff --git a/2019/13xxx/CVE-2019-13203.json b/2019/13xxx/CVE-2019-13203.json new file mode 100644 index 00000000000..12f7effdc97 --- /dev/null +++ b/2019/13xxx/CVE-2019-13203.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13204.json b/2019/13xxx/CVE-2019-13204.json new file mode 100644 index 00000000000..b8d4b44ef4c --- /dev/null +++ b/2019/13xxx/CVE-2019-13204.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13205.json b/2019/13xxx/CVE-2019-13205.json new file mode 100644 index 00000000000..b4b66342262 --- /dev/null +++ b/2019/13xxx/CVE-2019-13205.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13206.json b/2019/13xxx/CVE-2019-13206.json new file mode 100644 index 00000000000..3a282b300f8 --- /dev/null +++ b/2019/13xxx/CVE-2019-13206.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13393.json b/2019/13xxx/CVE-2019-13393.json new file mode 100644 index 00000000000..b20eb816418 --- /dev/null +++ b/2019/13xxx/CVE-2019-13393.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities", + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13394.json b/2019/13xxx/CVE-2019-13394.json new file mode 100644 index 00000000000..4e721e21f96 --- /dev/null +++ b/2019/13xxx/CVE-2019-13394.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities", + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13395.json b/2019/13xxx/CVE-2019-13395.json new file mode 100644 index 00000000000..39c9a3b0a82 --- /dev/null +++ b/2019/13xxx/CVE-2019-13395.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities", + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/voo-netgear-cg3700b-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10073.json b/2020/10xxx/CVE-2020-10073.json index 8fc3d0240c7..7c8a5b65589 100644 --- a/2020/10xxx/CVE-2020-10073.json +++ b/2020/10xxx/CVE-2020-10073.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10074.json b/2020/10xxx/CVE-2020-10074.json index 67d98c4dac0..963cd3b1c57 100644 --- a/2020/10xxx/CVE-2020-10074.json +++ b/2020/10xxx/CVE-2020-10074.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10074", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10075.json b/2020/10xxx/CVE-2020-10075.json index 75ad67eb200..ae40de1d780 100644 --- a/2020/10xxx/CVE-2020-10075.json +++ b/2020/10xxx/CVE-2020-10075.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10075", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10075", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10076.json b/2020/10xxx/CVE-2020-10076.json index e3fecf89b72..97094a9dc77 100644 --- a/2020/10xxx/CVE-2020-10076.json +++ b/2020/10xxx/CVE-2020-10076.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10076", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10076", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10077.json b/2020/10xxx/CVE-2020-10077.json index 3651fe56d97..076f867978c 100644 --- a/2020/10xxx/CVE-2020-10077.json +++ b/2020/10xxx/CVE-2020-10077.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10077", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10077", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10090.json b/2020/10xxx/CVE-2020-10090.json index 48680e39eaa..9079e413399 100644 --- a/2020/10xxx/CVE-2020-10090.json +++ b/2020/10xxx/CVE-2020-10090.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "GitLab before 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed." + "value": "GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed." } ] }, diff --git a/2020/10xxx/CVE-2020-10091.json b/2020/10xxx/CVE-2020-10091.json index 84285d5ff52..55bae17747d 100644 --- a/2020/10xxx/CVE-2020-10091.json +++ b/2020/10xxx/CVE-2020-10091.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "GitLab before 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types." + "value": "GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types." } ] }, diff --git a/2020/10xxx/CVE-2020-10092.json b/2020/10xxx/CVE-2020-10092.json index 8811a26c307..5f03c8b6140 100644 --- a/2020/10xxx/CVE-2020-10092.json +++ b/2020/10xxx/CVE-2020-10092.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "GitLab before 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration." + "value": "GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration." } ] }, diff --git a/2020/10xxx/CVE-2020-10550.json b/2020/10xxx/CVE-2020-10550.json new file mode 100644 index 00000000000..566d5bf014f --- /dev/null +++ b/2020/10xxx/CVE-2020-10550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10551.json b/2020/10xxx/CVE-2020-10551.json new file mode 100644 index 00000000000..b4d27a22944 --- /dev/null +++ b/2020/10xxx/CVE-2020-10551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10552.json b/2020/10xxx/CVE-2020-10552.json new file mode 100644 index 00000000000..13583a34b9f --- /dev/null +++ b/2020/10xxx/CVE-2020-10552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10553.json b/2020/10xxx/CVE-2020-10553.json new file mode 100644 index 00000000000..49d252be708 --- /dev/null +++ b/2020/10xxx/CVE-2020-10553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10554.json b/2020/10xxx/CVE-2020-10554.json new file mode 100644 index 00000000000..9ccee99570c --- /dev/null +++ b/2020/10xxx/CVE-2020-10554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1953.json b/2020/1xxx/CVE-2020-1953.json index 076a4570176..1ac527be8bd 100644 --- a/2020/1xxx/CVE-2020-1953.json +++ b/2020/1xxx/CVE-2020-1953.json @@ -60,6 +60,11 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E", "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[camel-commits] 20200313 [camel] branch camel-3.1.x updated: Update Commons Configuration 2 due to CVE-2020-1953", + "url": "https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E" } ] }, From 2d6e053156ed19d4e0e5c8f2c74c58a364fd9ed4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 19:01:11 +0000 Subject: [PATCH 094/144] "-Synchronized-Data." --- 2013/1xxx/CVE-2013-1813.json | 5 +++ 2014/9xxx/CVE-2014-9645.json | 5 +++ 2016/6xxx/CVE-2016-6301.json | 5 +++ 2017/16xxx/CVE-2017-16544.json | 5 +++ 2018/17xxx/CVE-2018-17784.json | 5 +++ 2019/13xxx/CVE-2019-13165.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13166.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13167.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13168.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13169.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13170.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13171.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13172.json | 67 +++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13192.json | 72 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13193.json | 72 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13194.json | 72 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13195.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13196.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13197.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13198.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13199.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13200.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13201.json | 62 +++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13202.json | 62 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14299.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14303.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14309.json | 67 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14310.json | 67 +++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19611.json | 56 +++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10555.json | 18 +++++++++ 2020/10xxx/CVE-2020-10556.json | 18 +++++++++ 2020/10xxx/CVE-2020-10557.json | 18 +++++++++ 2020/10xxx/CVE-2020-10558.json | 18 +++++++++ 2020/9xxx/CVE-2020-9435.json | 5 +++ 2020/9xxx/CVE-2020-9436.json | 5 +++ 35 files changed, 1673 insertions(+), 6 deletions(-) create mode 100644 2019/13xxx/CVE-2019-13165.json create mode 100644 2019/13xxx/CVE-2019-13166.json create mode 100644 2019/13xxx/CVE-2019-13167.json create mode 100644 2019/13xxx/CVE-2019-13168.json create mode 100644 2019/13xxx/CVE-2019-13169.json create mode 100644 2019/13xxx/CVE-2019-13170.json create mode 100644 2019/13xxx/CVE-2019-13171.json create mode 100644 2019/13xxx/CVE-2019-13172.json create mode 100644 2019/13xxx/CVE-2019-13192.json create mode 100644 2019/13xxx/CVE-2019-13193.json create mode 100644 2019/13xxx/CVE-2019-13194.json create mode 100644 2019/13xxx/CVE-2019-13195.json create mode 100644 2019/13xxx/CVE-2019-13196.json create mode 100644 2019/13xxx/CVE-2019-13197.json create mode 100644 2019/13xxx/CVE-2019-13198.json create mode 100644 2019/13xxx/CVE-2019-13199.json create mode 100644 2019/13xxx/CVE-2019-13200.json create mode 100644 2019/13xxx/CVE-2019-13201.json create mode 100644 2019/13xxx/CVE-2019-13202.json create mode 100644 2019/14xxx/CVE-2019-14299.json create mode 100644 2019/14xxx/CVE-2019-14303.json create mode 100644 2019/14xxx/CVE-2019-14309.json create mode 100644 2019/14xxx/CVE-2019-14310.json create mode 100644 2020/10xxx/CVE-2020-10555.json create mode 100644 2020/10xxx/CVE-2020-10556.json create mode 100644 2020/10xxx/CVE-2020-10557.json create mode 100644 2020/10xxx/CVE-2020-10558.json diff --git a/2013/1xxx/CVE-2013-1813.json b/2013/1xxx/CVE-2013-1813.json index 589cf403397..dd565f97ad0 100644 --- a/2013/1xxx/CVE-2013-1813.json +++ b/2013/1xxx/CVE-2013-1813.json @@ -91,6 +91,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } diff --git a/2014/9xxx/CVE-2014-9645.json b/2014/9xxx/CVE-2014-9645.json index 283de86defc..458dd0d677b 100644 --- a/2014/9xxx/CVE-2014-9645.json +++ b/2014/9xxx/CVE-2014-9645.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-3935-1", "url": "https://usn.ubuntu.com/3935-1/" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } diff --git a/2016/6xxx/CVE-2016-6301.json b/2016/6xxx/CVE-2016-6301.json index 13671f403b7..25574278c6b 100644 --- a/2016/6xxx/CVE-2016-6301.json +++ b/2016/6xxx/CVE-2016-6301.json @@ -106,6 +106,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } diff --git a/2017/16xxx/CVE-2017-16544.json b/2017/16xxx/CVE-2017-16544.json index b6313cec3c9..e1503a67d92 100644 --- a/2017/16xxx/CVE-2017-16544.json +++ b/2017/16xxx/CVE-2017-16544.json @@ -106,6 +106,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } diff --git a/2018/17xxx/CVE-2018-17784.json b/2018/17xxx/CVE-2018-17784.json index 9db4b2a33dc..d6d18489db1 100644 --- a/2018/17xxx/CVE-2018-17784.json +++ b/2018/17xxx/CVE-2018-17784.json @@ -61,6 +61,11 @@ "name": "45594", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45594/" + }, + { + "refsource": "MISC", + "name": "https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities", + "url": "https://www.purplemet.com/blog/sugarcrm-multiple-xss-vulnerabilities" } ] } diff --git a/2019/13xxx/CVE-2019-13165.json b/2019/13xxx/CVE-2019-13165.json new file mode 100644 index 00000000000..e6821e284c3 --- /dev/null +++ b/2019/13xxx/CVE-2019-13165.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13166.json b/2019/13xxx/CVE-2019-13166.json new file mode 100644 index 00000000000..3cb05ceb4bf --- /dev/null +++ b/2019/13xxx/CVE-2019-13166.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13167.json b/2019/13xxx/CVE-2019-13167.json new file mode 100644 index 00000000000..c8fcaa53991 --- /dev/null +++ b/2019/13xxx/CVE-2019-13167.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13168.json b/2019/13xxx/CVE-2019-13168.json new file mode 100644 index 00000000000..71a052066e8 --- /dev/null +++ b/2019/13xxx/CVE-2019-13168.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13169.json b/2019/13xxx/CVE-2019-13169.json new file mode 100644 index 00000000000..7e75b948113 --- /dev/null +++ b/2019/13xxx/CVE-2019-13169.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13170.json b/2019/13xxx/CVE-2019-13170.json new file mode 100644 index 00000000000..b5c78ab0998 --- /dev/null +++ b/2019/13xxx/CVE-2019-13170.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13171.json b/2019/13xxx/CVE-2019-13171.json new file mode 100644 index 00000000000..a34dae0fa71 --- /dev/null +++ b/2019/13xxx/CVE-2019-13171.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13172.json b/2019/13xxx/CVE-2019-13172.json new file mode 100644 index 00000000000..ffffee69f95 --- /dev/null +++ b/2019/13xxx/CVE-2019-13172.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.business.xerox.com/", + "refsource": "MISC", + "name": "https://security.business.xerox.com/" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13192.json b/2019/13xxx/CVE-2019-13192.json new file mode 100644 index 00000000000..e09581cc1d1 --- /dev/null +++ b/2019/13xxx/CVE-2019-13192.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://global.brother", + "refsource": "MISC", + "name": "https://global.brother" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/" + }, + { + "refsource": "MISC", + "name": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000", + "url": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13193.json b/2019/13xxx/CVE-2019-13193.json new file mode 100644 index 00000000000..d6044b4ae6e --- /dev/null +++ b/2019/13xxx/CVE-2019-13193.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://global.brother", + "refsource": "MISC", + "name": "https://global.brother" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/" + }, + { + "refsource": "MISC", + "name": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000", + "url": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13194.json b/2019/13xxx/CVE-2019-13194.json new file mode 100644 index 00000000000..3045fd4a8bb --- /dev/null +++ b/2019/13xxx/CVE-2019-13194.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://global.brother", + "refsource": "MISC", + "name": "https://global.brother" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/" + }, + { + "refsource": "MISC", + "name": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000", + "url": "https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13195.json b/2019/13xxx/CVE-2019-13195.json new file mode 100644 index 00000000000..2d6e4deb56b --- /dev/null +++ b/2019/13xxx/CVE-2019-13195.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13196.json b/2019/13xxx/CVE-2019-13196.json new file mode 100644 index 00000000000..cd3d7f99eee --- /dev/null +++ b/2019/13xxx/CVE-2019-13196.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13197.json b/2019/13xxx/CVE-2019-13197.json new file mode 100644 index 00000000000..df71e6e2298 --- /dev/null +++ b/2019/13xxx/CVE-2019-13197.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13198.json b/2019/13xxx/CVE-2019-13198.json new file mode 100644 index 00000000000..1575d1bc3fe --- /dev/null +++ b/2019/13xxx/CVE-2019-13198.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13199.json b/2019/13xxx/CVE-2019-13199.json new file mode 100644 index 00000000000..8397eb8eb65 --- /dev/null +++ b/2019/13xxx/CVE-2019-13199.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13200.json b/2019/13xxx/CVE-2019-13200.json new file mode 100644 index 00000000000..12b19de1437 --- /dev/null +++ b/2019/13xxx/CVE-2019-13200.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13201.json b/2019/13xxx/CVE-2019-13201.json new file mode 100644 index 00000000000..23b83abd6b6 --- /dev/null +++ b/2019/13xxx/CVE-2019-13201.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13202.json b/2019/13xxx/CVE-2019-13202.json new file mode 100644 index 00000000000..0a184664d57 --- /dev/null +++ b/2019/13xxx/CVE-2019-13202.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14299.json b/2019/14xxx/CVE-2019-14299.json new file mode 100644 index 00000000000..2cf7c8d60a0 --- /dev/null +++ b/2019/14xxx/CVE-2019-14299.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh-usa.com/en/support-and-download", + "refsource": "MISC", + "name": "https://www.ricoh-usa.com/en/support-and-download" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14303.json b/2019/14xxx/CVE-2019-14303.json new file mode 100644 index 00000000000..0c76f1ca231 --- /dev/null +++ b/2019/14xxx/CVE-2019-14303.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh-usa.com/en/support-and-download", + "refsource": "MISC", + "name": "https://www.ricoh-usa.com/en/support-and-download" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14309.json b/2019/14xxx/CVE-2019-14309.json new file mode 100644 index 00000000000..87d7bd5df7b --- /dev/null +++ b/2019/14xxx/CVE-2019-14309.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh-usa.com/en/support-and-download", + "refsource": "MISC", + "name": "https://www.ricoh-usa.com/en/support-and-download" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14310.json b/2019/14xxx/CVE-2019-14310.json new file mode 100644 index 00000000000..8175a67620e --- /dev/null +++ b/2019/14xxx/CVE-2019-14310.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ricoh-usa.com/en/support-and-download", + "refsource": "MISC", + "name": "https://www.ricoh-usa.com/en/support-and-download" + }, + { + "refsource": "MISC", + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19611.json b/2019/19xxx/CVE-2019-19611.json index 361ef1486ef..c3f65aa3a57 100644 --- a/2019/19xxx/CVE-2019-19611.json +++ b/2019/19xxx/CVE-2019-19611.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19611", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19611", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19611/", + "url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-19611/" } ] } diff --git a/2020/10xxx/CVE-2020-10555.json b/2020/10xxx/CVE-2020-10555.json new file mode 100644 index 00000000000..6ab36d781c5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10556.json b/2020/10xxx/CVE-2020-10556.json new file mode 100644 index 00000000000..ea337888831 --- /dev/null +++ b/2020/10xxx/CVE-2020-10556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10557.json b/2020/10xxx/CVE-2020-10557.json new file mode 100644 index 00000000000..1e969e9237f --- /dev/null +++ b/2020/10xxx/CVE-2020-10557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10558.json b/2020/10xxx/CVE-2020-10558.json new file mode 100644 index 00000000000..a75ebbc5744 --- /dev/null +++ b/2020/10xxx/CVE-2020-10558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/9xxx/CVE-2020-9435.json b/2020/9xxx/CVE-2020-9435.json index 1005158bfe0..c37f00aa2d6 100644 --- a/2020/9xxx/CVE-2020-9435.json +++ b/2020/9xxx/CVE-2020-9435.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://cert.vde.com/en-us/advisories/vde-2020-003", "url": "https://cert.vde.com/en-us/advisories/vde-2020-003" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } diff --git a/2020/9xxx/CVE-2020-9436.json b/2020/9xxx/CVE-2020-9436.json index e4e593b800c..925d94ed003 100644 --- a/2020/9xxx/CVE-2020-9436.json +++ b/2020/9xxx/CVE-2020-9436.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://cert.vde.com/en-us/advisories/vde-2020-003", "url": "https://cert.vde.com/en-us/advisories/vde-2020-003" + }, + { + "refsource": "FULLDISC", + "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", + "url": "http://seclists.org/fulldisclosure/2020/Mar/15" } ] } From 8e4965293accd2bb3b390746b1401ccf83430dfc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 20:01:10 +0000 Subject: [PATCH 095/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10559.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10560.json | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10559.json create mode 100644 2020/10xxx/CVE-2020-10560.json diff --git a/2020/10xxx/CVE-2020-10559.json b/2020/10xxx/CVE-2020-10559.json new file mode 100644 index 00000000000..cae5d3169c2 --- /dev/null +++ b/2020/10xxx/CVE-2020-10559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10560.json b/2020/10xxx/CVE-2020-10560.json new file mode 100644 index 00000000000..9e5e1262c0c --- /dev/null +++ b/2020/10xxx/CVE-2020-10560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From afd92dd9a392be47e1e271cbf37bd06f157f8e28 Mon Sep 17 00:00:00 2001 From: DellEMCProductSecurity Date: Fri, 13 Mar 2020 16:22:48 -0400 Subject: [PATCH 096/144] Added CVE-2019-3769,3770,18576,18577,18578 --- 2019/18xxx/CVE-2019-18576.json | 71 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18577.json | 71 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18578.json | 71 ++++++++++++++++++++++++++++++++++ 2019/3xxx/CVE-2019-3769.json | 71 +++++++++++++++++++++++++++++----- 2019/3xxx/CVE-2019-3770.json | 71 +++++++++++++++++++++++++++++----- 5 files changed, 337 insertions(+), 18 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18576.json create mode 100644 2019/18xxx/CVE-2019-18577.json create mode 100644 2019/18xxx/CVE-2019-18578.json diff --git a/2019/18xxx/CVE-2019-18576.json b/2019/18xxx/CVE-2019-18576.json new file mode 100644 index 00000000000..e52211903d2 --- /dev/null +++ b/2019/18xxx/CVE-2019-18576.json @@ -0,0 +1,71 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XtremIO", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users\u2019 passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.7, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Inclusion of Sensitive Information in Log Files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18577.json b/2019/18xxx/CVE-2019-18577.json new file mode 100644 index 00000000000..520c39928df --- /dev/null +++ b/2019/18xxx/CVE-2019-18577.json @@ -0,0 +1,71 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XtremIO", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.7, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18578.json b/2019/18xxx/CVE-2019-18578.json new file mode 100644 index 00000000000..24fac6be92f --- /dev/null +++ b/2019/18xxx/CVE-2019-18578.json @@ -0,0 +1,71 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XtremIO", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 9.0, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3769.json b/2019/3xxx/CVE-2019-3769.json index f1627f39dd1..f19216d3fcf 100644 --- a/2019/3xxx/CVE-2019-3769.json +++ b/2019/3xxx/CVE-2019-3769.json @@ -1,17 +1,70 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3769", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-15", + "ID": "CVE-2019-3769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wyse Management Suite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "WMS 1.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/article/SLN319512" } ] } diff --git a/2019/3xxx/CVE-2019-3770.json b/2019/3xxx/CVE-2019-3770.json index 762c2a8681a..36168bfd181 100644 --- a/2019/3xxx/CVE-2019-3770.json +++ b/2019/3xxx/CVE-2019-3770.json @@ -1,17 +1,70 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3770", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-15", + "ID": "CVE-2019-3770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wyse Management Suite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "WMS 1.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.dell.com/support/article/SLN319512" } ] } From 72750718e2d3d4d7e1851a026a9a47b40644fdd7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 21:01:19 +0000 Subject: [PATCH 097/144] "-Synchronized-Data." --- 2019/18xxx/CVE-2019-18576.json | 43 +++++++++++----------- 2019/18xxx/CVE-2019-18577.json | 43 +++++++++++----------- 2019/18xxx/CVE-2019-18578.json | 43 +++++++++++----------- 2019/3xxx/CVE-2019-3769.json | 43 +++++++++++----------- 2019/3xxx/CVE-2019-3770.json | 43 +++++++++++----------- 2020/10xxx/CVE-2020-10561.json | 18 +++++++++ 2020/10xxx/CVE-2020-10562.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10563.json | 67 ++++++++++++++++++++++++++++++++++ 8 files changed, 262 insertions(+), 105 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10561.json create mode 100644 2020/10xxx/CVE-2020-10562.json create mode 100644 2020/10xxx/CVE-2020-10563.json diff --git a/2019/18xxx/CVE-2019-18576.json b/2019/18xxx/CVE-2019-18576.json index e52211903d2..68a08a1b6b1 100644 --- a/2019/18xxx/CVE-2019-18576.json +++ b/2019/18xxx/CVE-2019-18576.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-12-16", - "ID": "CVE-2019-18576", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18576", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "XtremIO", + "product_name": "XtremIO", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "6.3.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users\u2019 passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.7, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-532: Inclusion of Sensitive Information in Log Files" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities", + "name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" } ] } diff --git a/2019/18xxx/CVE-2019-18577.json b/2019/18xxx/CVE-2019-18577.json index 520c39928df..139fbe01212 100644 --- a/2019/18xxx/CVE-2019-18577.json +++ b/2019/18xxx/CVE-2019-18577.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-12-16", - "ID": "CVE-2019-18577", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18577", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "XtremIO", + "product_name": "XtremIO", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "6.3.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.7, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities", + "name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" } ] } diff --git a/2019/18xxx/CVE-2019-18578.json b/2019/18xxx/CVE-2019-18578.json index 24fac6be92f..f9143d64e35 100644 --- a/2019/18xxx/CVE-2019-18578.json +++ b/2019/18xxx/CVE-2019-18578.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-12-16", - "ID": "CVE-2019-18578", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-16", + "ID": "CVE-2019-18578", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "XtremIO", + "product_name": "XtremIO", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "6.3.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application." } ] - }, + }, "impact": { "cvss": { - "baseScore": 9.0, - "baseSeverity": "Critical", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities", + "name": "https://www.dell.com/support/security/en-us/details/539703/DSA-2019-172-Dell-EMC-XtremIO-Security-Update-for-Multiple-Vulnerabilities" } ] } diff --git a/2019/3xxx/CVE-2019-3769.json b/2019/3xxx/CVE-2019-3769.json index f19216d3fcf..46756536d6e 100644 --- a/2019/3xxx/CVE-2019-3769.json +++ b/2019/3xxx/CVE-2019-3769.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-11-15", - "ID": "CVE-2019-3769", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-15", + "ID": "CVE-2019-3769", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Wyse Management Suite", + "product_name": "Wyse Management Suite", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "WMS 1.4.1" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.4, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/SLN319512" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/SLN319512", + "name": "https://www.dell.com/support/article/SLN319512" } ] } diff --git a/2019/3xxx/CVE-2019-3770.json b/2019/3xxx/CVE-2019-3770.json index 36168bfd181..3b39b8a85b0 100644 --- a/2019/3xxx/CVE-2019-3770.json +++ b/2019/3xxx/CVE-2019-3770.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2019-11-15", - "ID": "CVE-2019-3770", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-11-15", + "ID": "CVE-2019-3770", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Wyse Management Suite", + "product_name": "Wyse Management Suite", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "WMS 1.4.1" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.4, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/article/SLN319512" + "refsource": "MISC", + "url": "https://www.dell.com/support/article/SLN319512", + "name": "https://www.dell.com/support/article/SLN319512" } ] } diff --git a/2020/10xxx/CVE-2020-10561.json b/2020/10xxx/CVE-2020-10561.json new file mode 100644 index 00000000000..1830108a115 --- /dev/null +++ b/2020/10xxx/CVE-2020-10561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10562.json b/2020/10xxx/CVE-2020-10562.json new file mode 100644 index 00000000000..28ee46e263e --- /dev/null +++ b/2020/10xxx/CVE-2020-10562.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c", + "refsource": "MISC", + "name": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c" + }, + { + "url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8", + "refsource": "MISC", + "name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10563.json b/2020/10xxx/CVE-2020-10563.json new file mode 100644 index 00000000000..71d73702280 --- /dev/null +++ b/2020/10xxx/CVE-2020-10563.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c", + "refsource": "MISC", + "name": "https://github.com/JeromeDevome/GRR/releases/tag/v3.4.1c" + }, + { + "url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8", + "refsource": "MISC", + "name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8" + } + ] + } +} \ No newline at end of file From 00e49e56a92414494c4d3d96d364b0238ca674ee Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 13 Mar 2020 15:03:58 -0600 Subject: [PATCH 098/144] add CVE-2020-5257 for GHSA-2p5p-m353-833w --- 2020/5xxx/CVE-2020-5257.json | 82 +++++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/2020/5xxx/CVE-2020-5257.json b/2020/5xxx/CVE-2020-5257.json index d3e1999ba6e..f4198875a7c 100644 --- a/2020/5xxx/CVE-2020-5257.json +++ b/2020/5xxx/CVE-2020-5257.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Sort order SQL injection in Administrate" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "administrate", + "version": { + "version_data": [ + { + "version_value": "< 0.13.0" + } + ] + } + } + ] + }, + "vendor_name": "thoughtbot" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard,\nthe direction parameter was not validated before being interpolated into the SQL query.\nThis could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections.\n\nWhilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication.\n\nThis is patched in wersion 0.13.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w", + "refsource": "CONFIRM", + "url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w" + }, + { + "name": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3", + "refsource": "MISC", + "url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3" + } + ] + }, + "source": { + "advisory": "GHSA-2p5p-m353-833w", + "discovery": "UNKNOWN" } } \ No newline at end of file From dbab213193de567ecf8f5faa5b08be73dc7b8fe5 Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Fri, 13 Mar 2020 15:16:39 -0600 Subject: [PATCH 099/144] add CVE-2020-5240 for GHSA-9gjv-6qq6-v7qm --- 2020/5xxx/CVE-2020-5240.json | 84 +++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/2020/5xxx/CVE-2020-5240.json b/2020/5xxx/CVE-2020-5240.json index c0bf5d8c83d..1696ccdbabe 100644 --- a/2020/5xxx/CVE-2020-5240.json +++ b/2020/5xxx/CVE-2020-5240.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5240", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "2FA bypass through deleting devices in wagtail-2fa" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "wagtail-2fa", + "version": { + "version_data": [ + { + "version_value": "< 1.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Lab Digital" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. \nThe user does not require special permissions in order to do so. By deleting the other users device they can disable the target users\n2FA devices and potentially compromise the account if they figure out their password.\n\nThe problem has been patched in version 1.4.1." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/labd/wagtail-2fa/security/advisories/GHSA-9gjv-6qq6-v7qm", + "refsource": "CONFIRM", + "url": "https://github.com/labd/wagtail-2fa/security/advisories/GHSA-9gjv-6qq6-v7qm" + }, + { + "name": "https://github.com/labd/wagtail-2fa/commit/ac23550d33b7436e90e3beea904647907eba5b74", + "refsource": "MISC", + "url": "https://github.com/labd/wagtail-2fa/commit/ac23550d33b7436e90e3beea904647907eba5b74" + } + ] + }, + "source": { + "advisory": "GHSA-9gjv-6qq6-v7qm", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} From 929236fcf5887494abb76ed44ca48eb2a8dec50e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 22:01:22 +0000 Subject: [PATCH 100/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10564.json | 18 ++++++++++++++++++ 2020/5xxx/CVE-2020-5240.json | 4 ++-- 2020/5xxx/CVE-2020-5257.json | 2 +- 3 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10564.json diff --git a/2020/10xxx/CVE-2020-10564.json b/2020/10xxx/CVE-2020-10564.json new file mode 100644 index 00000000000..d3e9565bb94 --- /dev/null +++ b/2020/10xxx/CVE-2020-10564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5240.json b/2020/5xxx/CVE-2020-5240.json index 1696ccdbabe..8e05a8aa8f2 100644 --- a/2020/5xxx/CVE-2020-5240.json +++ b/2020/5xxx/CVE-2020-5240.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. \nThe user does not require special permissions in order to do so. By deleting the other users device they can disable the target users\n2FA devices and potentially compromise the account if they figure out their password.\n\nThe problem has been patched in version 1.4.1." + "value": "In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1." } ] }, @@ -85,4 +85,4 @@ "advisory": "GHSA-9gjv-6qq6-v7qm", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5257.json b/2020/5xxx/CVE-2020-5257.json index f4198875a7c..952a20223a3 100644 --- a/2020/5xxx/CVE-2020-5257.json +++ b/2020/5xxx/CVE-2020-5257.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard,\nthe direction parameter was not validated before being interpolated into the SQL query.\nThis could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections.\n\nWhilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication.\n\nThis is patched in wersion 0.13.0." + "value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0." } ] }, From 297cb52f72f04653ee1760111fb77a27adf0a0ef Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 23:01:11 +0000 Subject: [PATCH 101/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10564.json | 61 ++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 6 deletions(-) diff --git a/2020/10xxx/CVE-2020-10564.json b/2020/10xxx/CVE-2020-10564.json index d3e9565bb94..106a2f8d75d 100644 --- a/2020/10xxx/CVE-2020-10564.json +++ b/2020/10xxx/CVE-2020-10564.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10564", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-file-upload/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-file-upload/#developers" + }, + { + "url": "https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/", + "refsource": "MISC", + "name": "https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/" } ] } From 9cb5f5dfc71e04b7d1737cd1b45e85219e790d68 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 00:01:10 +0000 Subject: [PATCH 102/144] "-Synchronized-Data." --- 2015/5xxx/CVE-2015-5057.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2015/5xxx/CVE-2015-5057.json b/2015/5xxx/CVE-2015-5057.json index b688379be4f..adcf77fe5d7 100644 --- a/2015/5xxx/CVE-2015-5057.json +++ b/2015/5xxx/CVE-2015-5057.json @@ -66,6 +66,11 @@ "name": "75421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75421" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8064", + "url": "https://wpvulndb.com/vulnerabilities/8064" } ] } From 75caed5c411da20aa965c6fd6d5195f53f06d17f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 01:01:14 +0000 Subject: [PATCH 103/144] "-Synchronized-Data." --- 2013/2xxx/CVE-2013-2165.json | 5 +++ 2015/0xxx/CVE-2015-0279.json | 5 +++ 2018/12xxx/CVE-2018-12532.json | 5 +++ 2018/12xxx/CVE-2018-12533.json | 5 +++ 2018/14xxx/CVE-2018-14667.json | 5 +++ 2020/10xxx/CVE-2020-10564.json | 5 +++ 2020/10xxx/CVE-2020-10565.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10566.json | 62 ++++++++++++++++++++++++++++++++++ 8 files changed, 154 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10565.json create mode 100644 2020/10xxx/CVE-2020-10566.json diff --git a/2013/2xxx/CVE-2013-2165.json b/2013/2xxx/CVE-2013-2165.json index fb66ff79f09..c55e03b6d25 100644 --- a/2013/2xxx/CVE-2013-2165.json +++ b/2013/2xxx/CVE-2013-2165.json @@ -101,6 +101,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 RichFaces exploitation toolkit", + "url": "http://seclists.org/fulldisclosure/2020/Mar/21" } ] } diff --git a/2015/0xxx/CVE-2015-0279.json b/2015/0xxx/CVE-2015-0279.json index f067429737b..03064d9654b 100644 --- a/2015/0xxx/CVE-2015-0279.json +++ b/2015/0xxx/CVE-2015-0279.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 RichFaces exploitation toolkit", + "url": "http://seclists.org/fulldisclosure/2020/Mar/21" } ] } diff --git a/2018/12xxx/CVE-2018-12532.json b/2018/12xxx/CVE-2018-12532.json index 77af1eb3335..6a81f52c6b2 100644 --- a/2018/12xxx/CVE-2018-12532.json +++ b/2018/12xxx/CVE-2018-12532.json @@ -61,6 +61,11 @@ "name": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html", "refsource": "MISC", "url": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 RichFaces exploitation toolkit", + "url": "http://seclists.org/fulldisclosure/2020/Mar/21" } ] } diff --git a/2018/12xxx/CVE-2018-12533.json b/2018/12xxx/CVE-2018-12533.json index d6d632d3454..0b365ed94f8 100644 --- a/2018/12xxx/CVE-2018-12533.json +++ b/2018/12xxx/CVE-2018-12533.json @@ -81,6 +81,11 @@ "name": "RHSA-2018:2930", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2930" + }, + { + "refsource": "FULLDISC", + "name": "20200313 RichFaces exploitation toolkit", + "url": "http://seclists.org/fulldisclosure/2020/Mar/21" } ] } diff --git a/2018/14xxx/CVE-2018-14667.json b/2018/14xxx/CVE-2018-14667.json index 85809527f43..3ffe8b24d15 100644 --- a/2018/14xxx/CVE-2018-14667.json +++ b/2018/14xxx/CVE-2018-14667.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html", "url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html" + }, + { + "refsource": "FULLDISC", + "name": "20200313 RichFaces exploitation toolkit", + "url": "http://seclists.org/fulldisclosure/2020/Mar/21" } ] } diff --git a/2020/10xxx/CVE-2020-10564.json b/2020/10xxx/CVE-2020-10564.json index 106a2f8d75d..71bc5f49e96 100644 --- a/2020/10xxx/CVE-2020-10564.json +++ b/2020/10xxx/CVE-2020-10564.json @@ -61,6 +61,11 @@ "url": "https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/", "refsource": "MISC", "name": "https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10132", + "url": "https://wpvulndb.com/vulnerabilities/10132" } ] } diff --git a/2020/10xxx/CVE-2020-10565.json b/2020/10xxx/CVE-2020-10565.json new file mode 100644 index 00000000000..3c827936425 --- /dev/null +++ b/2020/10xxx/CVE-2020-10565.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://svnweb.freebsd.org/ports?view=revision&revision=525916", + "refsource": "MISC", + "name": "https://svnweb.freebsd.org/ports?view=revision&revision=525916" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10566.json b/2020/10xxx/CVE-2020-10566.json new file mode 100644 index 00000000000..5ac9cf9b1f8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10566.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://svnweb.freebsd.org/ports?view=revision&revision=525916", + "refsource": "MISC", + "name": "https://svnweb.freebsd.org/ports?view=revision&revision=525916" + } + ] + } +} \ No newline at end of file From 2a6c04814e5a0c4a99f7a174134d13a625f75539 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 02:01:11 +0000 Subject: [PATCH 104/144] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19274.json | 5 +++++ 2019/19xxx/CVE-2019-19275.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/2019/19xxx/CVE-2019-19274.json b/2019/19xxx/CVE-2019-19274.json index a2f8d9b8f53..e0b46ae8752 100644 --- a/2019/19xxx/CVE-2019-19274.json +++ b/2019/19xxx/CVE-2019-19274.json @@ -76,6 +76,11 @@ "url": "https://bugs.python.org/issue36495", "refsource": "MISC", "name": "https://bugs.python.org/issue36495" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9b3dabc21c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/" } ] } diff --git a/2019/19xxx/CVE-2019-19275.json b/2019/19xxx/CVE-2019-19275.json index 0d0b866f29d..f8de01b3196 100644 --- a/2019/19xxx/CVE-2019-19275.json +++ b/2019/19xxx/CVE-2019-19275.json @@ -76,6 +76,11 @@ "url": "https://bugs.python.org/issue36495", "refsource": "MISC", "name": "https://bugs.python.org/issue36495" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9b3dabc21c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/" } ] } From 940b9b006750b241f6f658234910c7be008164a6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 03:01:11 +0000 Subject: [PATCH 105/144] "-Synchronized-Data." --- 2018/11xxx/CVE-2018-11769.json | 5 +++++ 2018/17xxx/CVE-2018-17188.json | 5 +++++ 2018/8xxx/CVE-2018-8007.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2018/11xxx/CVE-2018-11769.json b/2018/11xxx/CVE-2018-11769.json index 8937f258874..28b993269fc 100644 --- a/2018/11xxx/CVE-2018-11769.json +++ b/2018/11xxx/CVE-2018-11769.json @@ -72,6 +72,11 @@ "refsource": "CONFIRM", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-83f513fd7e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" } ] } diff --git a/2018/17xxx/CVE-2018-17188.json b/2018/17xxx/CVE-2018-17188.json index 95cbf7b7fc6..a4cfd95c85c 100644 --- a/2018/17xxx/CVE-2018-17188.json +++ b/2018/17xxx/CVE-2018-17188.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-83f513fd7e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" } ] } diff --git a/2018/8xxx/CVE-2018-8007.json b/2018/8xxx/CVE-2018-8007.json index 891b9e076a8..41bb0b0b268 100644 --- a/2018/8xxx/CVE-2018-8007.json +++ b/2018/8xxx/CVE-2018-8007.json @@ -90,6 +90,11 @@ "refsource": "CONFIRM", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-83f513fd7e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/" } ] } From b30399a191b18e6be215dcf1a898e028c297a305 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 14:01:09 +0000 Subject: [PATCH 106/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10567.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10568.json | 62 ++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10567.json create mode 100644 2020/10xxx/CVE-2020-10568.json diff --git a/2020/10xxx/CVE-2020-10567.json b/2020/10xxx/CVE-2020-10567.json new file mode 100644 index 00000000000..88fc092ee90 --- /dev/null +++ b/2020/10xxx/CVE-2020-10567.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/trippo/ResponsiveFilemanager/issues/600", + "refsource": "MISC", + "name": "https://github.com/trippo/ResponsiveFilemanager/issues/600" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10568.json b/2020/10xxx/CVE-2020-10568.json new file mode 100644 index 00000000000..43b614abc09 --- /dev/null +++ b/2020/10xxx/CVE-2020-10568.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577", + "refsource": "MISC", + "name": "https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577" + } + ] + } +} \ No newline at end of file From 29364b00b4ad98cf02fda6aebf6ca3b45a112a11 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 15:01:15 +0000 Subject: [PATCH 107/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10569.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10569.json diff --git a/2020/10xxx/CVE-2020-10569.json b/2020/10xxx/CVE-2020-10569.json new file mode 100644 index 00000000000..132934e5062 --- /dev/null +++ b/2020/10xxx/CVE-2020-10569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From b8aa64cf6f71b1b34c2099ac58880d4a1ccb98b7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 16:01:16 +0000 Subject: [PATCH 108/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10570.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10570.json diff --git a/2020/10xxx/CVE-2020-10570.json b/2020/10xxx/CVE-2020-10570.json new file mode 100644 index 00000000000..82d7d2b8f87 --- /dev/null +++ b/2020/10xxx/CVE-2020-10570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 947d2116be14d19222a4b0e49b9bb382df0c9e6d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 17:01:12 +0000 Subject: [PATCH 109/144] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11027.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/11xxx/CVE-2019-11027.json b/2019/11xxx/CVE-2019-11027.json index fce5c2068b8..b11b2170fe1 100644 --- a/2019/11xxx/CVE-2019-11027.json +++ b/2019/11xxx/CVE-2019-11027.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191011 [SECURITY] [DLA 1956-1] ruby-openid security update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00014.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-09", + "url": "https://security.gentoo.org/glsa/202003-09" } ] } From e08f752587cb6f57f65fa63bf2c6dedd9042197d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 18:01:13 +0000 Subject: [PATCH 110/144] "-Synchronized-Data." --- 2018/21xxx/CVE-2018-21036.json | 18 +++++++++ 2020/10xxx/CVE-2020-10571.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10572.json | 18 +++++++++ 3 files changed, 103 insertions(+) create mode 100644 2018/21xxx/CVE-2018-21036.json create mode 100644 2020/10xxx/CVE-2020-10571.json create mode 100644 2020/10xxx/CVE-2020-10572.json diff --git a/2018/21xxx/CVE-2018-21036.json b/2018/21xxx/CVE-2018-21036.json new file mode 100644 index 00000000000..37573040e2f --- /dev/null +++ b/2018/21xxx/CVE-2018-21036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-21036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10571.json b/2020/10xxx/CVE-2020-10571.json new file mode 100644 index 00000000000..6ca9ef975ee --- /dev/null +++ b/2020/10xxx/CVE-2020-10571.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/psd-tools/psd-tools/pull/198", + "refsource": "MISC", + "name": "https://github.com/psd-tools/psd-tools/pull/198" + }, + { + "url": "https://github.com/psd-tools/psd-tools/releases/tag/v1.9.4", + "refsource": "MISC", + "name": "https://github.com/psd-tools/psd-tools/releases/tag/v1.9.4" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10572.json b/2020/10xxx/CVE-2020-10572.json new file mode 100644 index 00000000000..1b549bcce06 --- /dev/null +++ b/2020/10xxx/CVE-2020-10572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ad798c1d941d6e864e1adbfc1565e7e906650752 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 19:01:12 +0000 Subject: [PATCH 111/144] "-Synchronized-Data." --- 2017/5xxx/CVE-2017-5617.json | 5 +++++ 2019/11xxx/CVE-2019-11365.json | 5 +++++ 2019/11xxx/CVE-2019-11366.json | 5 +++++ 2019/11xxx/CVE-2019-11745.json | 5 +++++ 2019/11xxx/CVE-2019-11757.json | 5 +++++ 2019/11xxx/CVE-2019-11759.json | 5 +++++ 2019/11xxx/CVE-2019-11760.json | 5 +++++ 2019/11xxx/CVE-2019-11761.json | 5 +++++ 2019/11xxx/CVE-2019-11762.json | 5 +++++ 2019/11xxx/CVE-2019-11763.json | 5 +++++ 2019/11xxx/CVE-2019-11764.json | 5 +++++ 2019/14xxx/CVE-2019-14287.json | 5 +++++ 2019/14xxx/CVE-2019-14697.json | 5 +++++ 2019/17xxx/CVE-2019-17005.json | 5 +++++ 2019/17xxx/CVE-2019-17008.json | 5 +++++ 2019/17xxx/CVE-2019-17010.json | 5 +++++ 2019/17xxx/CVE-2019-17011.json | 5 +++++ 2019/17xxx/CVE-2019-17012.json | 5 +++++ 2019/18xxx/CVE-2019-18634.json | 5 +++++ 2019/20xxx/CVE-2019-20503.json | 5 +++++ 2020/10xxx/CVE-2020-10189.json | 5 +++++ 2020/6xxx/CVE-2020-6792.json | 5 +++++ 2020/6xxx/CVE-2020-6793.json | 5 +++++ 2020/6xxx/CVE-2020-6794.json | 5 +++++ 2020/6xxx/CVE-2020-6795.json | 5 +++++ 2020/6xxx/CVE-2020-6798.json | 5 +++++ 2020/6xxx/CVE-2020-6800.json | 5 +++++ 2020/9xxx/CVE-2020-9435.json | 5 +++++ 2020/9xxx/CVE-2020-9436.json | 5 +++++ 2020/9xxx/CVE-2020-9547.json | 10 ++++++++++ 30 files changed, 155 insertions(+) diff --git a/2017/5xxx/CVE-2017-5617.json b/2017/5xxx/CVE-2017-5617.json index c3d7ee1e950..a8da764b314 100644 --- a/2017/5xxx/CVE-2017-5617.json +++ b/2017/5xxx/CVE-2017-5617.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-735d3953e8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3V7RIIO3HO4RNDBN2PARLIDAL3RPV2OX/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-11", + "url": "https://security.gentoo.org/glsa/202003-11" } ] } diff --git a/2019/11xxx/CVE-2019-11365.json b/2019/11xxx/CVE-2019-11365.json index f70b1be682d..c6927a5b522 100644 --- a/2019/11xxx/CVE-2019-11365.json +++ b/2019/11xxx/CVE-2019-11365.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-14", + "url": "https://security.gentoo.org/glsa/202003-14" } ] } diff --git a/2019/11xxx/CVE-2019-11366.json b/2019/11xxx/CVE-2019-11366.json index ce2eaf1725b..aaa458807af 100644 --- a/2019/11xxx/CVE-2019-11366.json +++ b/2019/11xxx/CVE-2019-11366.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190512 [SECURITY] [DLA 1783-1] atftp security update", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-14", + "url": "https://security.gentoo.org/glsa/202003-14" } ] } diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json index f98037198c7..81363e14ec3 100644 --- a/2019/11xxx/CVE-2019-11745.json +++ b/2019/11xxx/CVE-2019-11745.json @@ -118,6 +118,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11757.json b/2019/11xxx/CVE-2019-11757.json index 2025bab0b6e..c614de02fd9 100644 --- a/2019/11xxx/CVE-2019-11757.json +++ b/2019/11xxx/CVE-2019-11757.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577107" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11759.json b/2019/11xxx/CVE-2019-11759.json index 3996ceaae63..ab733e5a6e6 100644 --- a/2019/11xxx/CVE-2019-11759.json +++ b/2019/11xxx/CVE-2019-11759.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577953", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577953" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11760.json b/2019/11xxx/CVE-2019-11760.json index 62d010bf770..70e4e5e7081 100644 --- a/2019/11xxx/CVE-2019-11760.json +++ b/2019/11xxx/CVE-2019-11760.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577719", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1577719" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11761.json b/2019/11xxx/CVE-2019-11761.json index 7e56f1fb285..63104768930 100644 --- a/2019/11xxx/CVE-2019-11761.json +++ b/2019/11xxx/CVE-2019-11761.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1561502", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1561502" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11762.json b/2019/11xxx/CVE-2019-11762.json index e44a6b0c07e..3fa38b3038f 100644 --- a/2019/11xxx/CVE-2019-11762.json +++ b/2019/11xxx/CVE-2019-11762.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11763.json b/2019/11xxx/CVE-2019-11763.json index 524feae66b3..559d64c2c5d 100644 --- a/2019/11xxx/CVE-2019-11763.json +++ b/2019/11xxx/CVE-2019-11763.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/11xxx/CVE-2019-11764.json b/2019/11xxx/CVE-2019-11764.json index e118bb1a4e1..693d4bf9583 100644 --- a/2019/11xxx/CVE-2019-11764.json +++ b/2019/11xxx/CVE-2019-11764.json @@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index fdfaddc6a4a..0e6900a6fef 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json @@ -226,6 +226,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0388", "url": "https://access.redhat.com/errata/RHSA-2020:0388" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-12", + "url": "https://security.gentoo.org/glsa/202003-12" } ] } diff --git a/2019/14xxx/CVE-2019-14697.json b/2019/14xxx/CVE-2019-14697.json index b4e39e4986b..baf0e71d0a4 100644 --- a/2019/14xxx/CVE-2019-14697.json +++ b/2019/14xxx/CVE-2019-14697.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190806 Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance", "url": "http://www.openwall.com/lists/oss-security/2019/08/06/4" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-13", + "url": "https://security.gentoo.org/glsa/202003-13" } ] } diff --git a/2019/17xxx/CVE-2019-17005.json b/2019/17xxx/CVE-2019-17005.json index 255f00431da..df43a83d597 100644 --- a/2019/17xxx/CVE-2019-17005.json +++ b/2019/17xxx/CVE-2019-17005.json @@ -113,6 +113,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/17xxx/CVE-2019-17008.json b/2019/17xxx/CVE-2019-17008.json index 489dff0c866..5e44adb262c 100644 --- a/2019/17xxx/CVE-2019-17008.json +++ b/2019/17xxx/CVE-2019-17008.json @@ -113,6 +113,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/17xxx/CVE-2019-17010.json b/2019/17xxx/CVE-2019-17010.json index c3cc91dcbaa..5d52a013f16 100644 --- a/2019/17xxx/CVE-2019-17010.json +++ b/2019/17xxx/CVE-2019-17010.json @@ -113,6 +113,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/17xxx/CVE-2019-17011.json b/2019/17xxx/CVE-2019-17011.json index 3120697b4cf..aa257799fe8 100644 --- a/2019/17xxx/CVE-2019-17011.json +++ b/2019/17xxx/CVE-2019-17011.json @@ -113,6 +113,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/17xxx/CVE-2019-17012.json b/2019/17xxx/CVE-2019-17012.json index 2b769399e47..e4fd3172a53 100644 --- a/2019/17xxx/CVE-2019-17012.json +++ b/2019/17xxx/CVE-2019-17012.json @@ -113,6 +113,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json index 3b3e43c3f03..2cb3f33b35d 100644 --- a/2019/18xxx/CVE-2019-18634.json +++ b/2019/18xxx/CVE-2019-18634.json @@ -171,6 +171,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0726", "url": "https://access.redhat.com/errata/RHSA-2020:0726" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-12", + "url": "https://security.gentoo.org/glsa/202003-12" } ] } diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index 5988a5233c4..1a57857d8e3 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] } diff --git a/2020/10xxx/CVE-2020-10189.json b/2020/10xxx/CVE-2020-10189.json index 13e75ec12da..6a5752d6502 100644 --- a/2020/10xxx/CVE-2020-10189.json +++ b/2020/10xxx/CVE-2020-10189.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html", "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html", + "url": "http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html" } ] }, diff --git a/2020/6xxx/CVE-2020-6792.json b/2020/6xxx/CVE-2020-6792.json index 35b6eff0b3e..49b951572dd 100644 --- a/2020/6xxx/CVE-2020-6792.json +++ b/2020/6xxx/CVE-2020-6792.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1609607", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1609607" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/6xxx/CVE-2020-6793.json b/2020/6xxx/CVE-2020-6793.json index 65bf677f84c..e1c3279a708 100644 --- a/2020/6xxx/CVE-2020-6793.json +++ b/2020/6xxx/CVE-2020-6793.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1608539", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1608539" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/6xxx/CVE-2020-6794.json b/2020/6xxx/CVE-2020-6794.json index e9150fb7db4..2a1c8a05f69 100644 --- a/2020/6xxx/CVE-2020-6794.json +++ b/2020/6xxx/CVE-2020-6794.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606619", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606619" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/6xxx/CVE-2020-6795.json b/2020/6xxx/CVE-2020-6795.json index ed3f865e362..a574ed212c6 100644 --- a/2020/6xxx/CVE-2020-6795.json +++ b/2020/6xxx/CVE-2020-6795.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1611105", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1611105" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/6xxx/CVE-2020-6798.json b/2020/6xxx/CVE-2020-6798.json index 7ba5354c022..c63ebaca670 100644 --- a/2020/6xxx/CVE-2020-6798.json +++ b/2020/6xxx/CVE-2020-6798.json @@ -89,6 +89,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/6xxx/CVE-2020-6800.json b/2020/6xxx/CVE-2020-6800.json index d1a34c27c00..30161ead323 100644 --- a/2020/6xxx/CVE-2020-6800.json +++ b/2020/6xxx/CVE-2020-6800.json @@ -89,6 +89,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-02", "url": "https://security.gentoo.org/glsa/202003-02" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-10", + "url": "https://security.gentoo.org/glsa/202003-10" } ] }, diff --git a/2020/9xxx/CVE-2020-9435.json b/2020/9xxx/CVE-2020-9435.json index c37f00aa2d6..8157dc66079 100644 --- a/2020/9xxx/CVE-2020-9435.json +++ b/2020/9xxx/CVE-2020-9435.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "url": "http://seclists.org/fulldisclosure/2020/Mar/15" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html" } ] } diff --git a/2020/9xxx/CVE-2020-9436.json b/2020/9xxx/CVE-2020-9436.json index 925d94ed003..f73dd336c75 100644 --- a/2020/9xxx/CVE-2020-9436.json +++ b/2020/9xxx/CVE-2020-9436.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "url": "http://seclists.org/fulldisclosure/2020/Mar/15" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/156729/Phoenix-Contact-TC-Router-TC-Cloud-Client-Command-Injection.html" } ] } diff --git a/2020/9xxx/CVE-2020-9547.json b/2020/9xxx/CVE-2020-9547.json index 87b21474045..41d6ab52bde 100644 --- a/2020/9xxx/CVE-2020-9547.json +++ b/2020/9xxx/CVE-2020-9547.json @@ -111,6 +111,16 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E", "url": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E", + "url": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E" } ] } From cc355499ea839d0ecb03c032e5b108e19586d638 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 20:01:13 +0000 Subject: [PATCH 112/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10573.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10574.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10575.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10576.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10577.json | 62 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10578.json | 62 ++++++++++++++++++++++++++++++++++ 6 files changed, 372 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10573.json create mode 100644 2020/10xxx/CVE-2020-10574.json create mode 100644 2020/10xxx/CVE-2020-10575.json create mode 100644 2020/10xxx/CVE-2020-10576.json create mode 100644 2020/10xxx/CVE-2020-10577.json create mode 100644 2020/10xxx/CVE-2020-10578.json diff --git a/2020/10xxx/CVE-2020-10573.json b/2020/10xxx/CVE-2020-10573.json new file mode 100644 index 00000000000..5d2319fb94b --- /dev/null +++ b/2020/10xxx/CVE-2020-10573.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meetecho/janus-gateway/pull/1988", + "refsource": "MISC", + "name": "https://github.com/meetecho/janus-gateway/pull/1988" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10574.json b/2020/10xxx/CVE-2020-10574.json new file mode 100644 index 00000000000..a4a4b07c3e5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10574.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a \"query_logger\" Admin API request, because of a typo in the JSON validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meetecho/janus-gateway/pull/1989", + "refsource": "MISC", + "name": "https://github.com/meetecho/janus-gateway/pull/1989" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10575.json b/2020/10xxx/CVE-2020-10575.json new file mode 100644 index 00000000000..64a09ff5354 --- /dev/null +++ b/2020/10xxx/CVE-2020-10575.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meetecho/janus-gateway/pull/1994", + "refsource": "MISC", + "name": "https://github.com/meetecho/janus-gateway/pull/1994" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10576.json b/2020/10xxx/CVE-2020-10576.json new file mode 100644 index 00000000000..b7bf26ee0e3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10576.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meetecho/janus-gateway/pull/1993", + "refsource": "MISC", + "name": "https://github.com/meetecho/janus-gateway/pull/1993" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10577.json b/2020/10xxx/CVE-2020-10577.json new file mode 100644 index 00000000000..993a9a4a7b9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10577.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/meetecho/janus-gateway/pull/1990", + "refsource": "MISC", + "name": "https://github.com/meetecho/janus-gateway/pull/1990" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10578.json b/2020/10xxx/CVE-2020-10578.json new file mode 100644 index 00000000000..1756d1404a5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10578.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.csdn.net/yalecaltech/article/details/104789626", + "refsource": "MISC", + "name": "https://blog.csdn.net/yalecaltech/article/details/104789626" + } + ] + } +} \ No newline at end of file From 9f0fa01ace8d1110beb9fcd2c63eb4b98d03d1ab Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 21:01:11 +0000 Subject: [PATCH 113/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10568.json | 5 +++++ 2020/10xxx/CVE-2020-10579.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10580.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10581.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10582.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10583.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10584.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10585.json | 18 ++++++++++++++++++ 2020/10xxx/CVE-2020-10586.json | 18 ++++++++++++++++++ 9 files changed, 149 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10579.json create mode 100644 2020/10xxx/CVE-2020-10580.json create mode 100644 2020/10xxx/CVE-2020-10581.json create mode 100644 2020/10xxx/CVE-2020-10582.json create mode 100644 2020/10xxx/CVE-2020-10583.json create mode 100644 2020/10xxx/CVE-2020-10584.json create mode 100644 2020/10xxx/CVE-2020-10585.json create mode 100644 2020/10xxx/CVE-2020-10586.json diff --git a/2020/10xxx/CVE-2020-10568.json b/2020/10xxx/CVE-2020-10568.json index 43b614abc09..4f03c62844e 100644 --- a/2020/10xxx/CVE-2020-10568.json +++ b/2020/10xxx/CVE-2020-10568.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10131", + "url": "https://wpvulndb.com/vulnerabilities/10131" + }, { "url": "https://medium.com/@arall/sitepress-multilingual-cms-wplugin-wpml-4-3-7-b-2-9c9486c13577", "refsource": "MISC", diff --git a/2020/10xxx/CVE-2020-10579.json b/2020/10xxx/CVE-2020-10579.json new file mode 100644 index 00000000000..2c8614a0d4e --- /dev/null +++ b/2020/10xxx/CVE-2020-10579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10580.json b/2020/10xxx/CVE-2020-10580.json new file mode 100644 index 00000000000..e0aa987aef5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10581.json b/2020/10xxx/CVE-2020-10581.json new file mode 100644 index 00000000000..01d336c0ea8 --- /dev/null +++ b/2020/10xxx/CVE-2020-10581.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10581", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10582.json b/2020/10xxx/CVE-2020-10582.json new file mode 100644 index 00000000000..85ac9693656 --- /dev/null +++ b/2020/10xxx/CVE-2020-10582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10583.json b/2020/10xxx/CVE-2020-10583.json new file mode 100644 index 00000000000..d939ef5969c --- /dev/null +++ b/2020/10xxx/CVE-2020-10583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10584.json b/2020/10xxx/CVE-2020-10584.json new file mode 100644 index 00000000000..de482e7a4a9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10585.json b/2020/10xxx/CVE-2020-10585.json new file mode 100644 index 00000000000..dff201c1691 --- /dev/null +++ b/2020/10xxx/CVE-2020-10585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10586.json b/2020/10xxx/CVE-2020-10586.json new file mode 100644 index 00000000000..e83f76ac02d --- /dev/null +++ b/2020/10xxx/CVE-2020-10586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From b5387b12f8aafd167b7425dd0289686f9c8dbc64 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 14 Mar 2020 22:01:12 +0000 Subject: [PATCH 114/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10587.json | 67 ++++++++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10588.json | 18 +++++++++ 2020/10xxx/CVE-2020-10589.json | 18 +++++++++ 3 files changed, 103 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10587.json create mode 100644 2020/10xxx/CVE-2020-10588.json create mode 100644 2020/10xxx/CVE-2020-10589.json diff --git a/2020/10xxx/CVE-2020-10587.json b/2020/10xxx/CVE-2020-10587.json new file mode 100644 index 00000000000..ad6c2e81b4c --- /dev/null +++ b/2020/10xxx/CVE-2020-10587.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "antiX and MX Linux allow local users to achieve root access via \"persist-config --command /bin/sh\" because of the Sudo configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-antix-exp-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-antix-exp-sh" + }, + { + "url": "https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-mx-exp-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/d2055b5047e56a0b49c95b461347c619#file-mx-exp-sh" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10588.json b/2020/10xxx/CVE-2020-10588.json new file mode 100644 index 00000000000..88cb699b536 --- /dev/null +++ b/2020/10xxx/CVE-2020-10588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10589.json b/2020/10xxx/CVE-2020-10589.json new file mode 100644 index 00000000000..0a06712c0a7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From f2dea089ee5af2d1cc69ae614a2079cd86b5c098 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 01:01:13 +0000 Subject: [PATCH 115/144] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20503.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index 1a57857d8e3..08ceca7f1f6 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -81,6 +81,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-10", "url": "https://security.gentoo.org/glsa/202003-10" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0340", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html" } ] } From 6f78dee047656e5f1abad4382cc2d2ff86133b64 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 04:01:19 +0000 Subject: [PATCH 116/144] "-Synchronized-Data." --- 2019/1010xxx/CVE-2019-1010057.json | 5 +++++ 2019/14xxx/CVE-2019-14459.json | 5 +++++ 2019/16xxx/CVE-2019-16168.json | 5 +++++ 2019/5xxx/CVE-2019-5827.json | 7 ++++++- 2020/10xxx/CVE-2020-10531.json | 5 +++++ 2020/9xxx/CVE-2020-9327.json | 5 +++++ 6 files changed, 31 insertions(+), 1 deletion(-) diff --git a/2019/1010xxx/CVE-2019-1010057.json b/2019/1010xxx/CVE-2019-1010057.json index c375594877e..295fb3bb9d6 100644 --- a/2019/1010xxx/CVE-2019-1010057.json +++ b/2019/1010xxx/CVE-2019-1010057.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9013b5e75d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-17", + "url": "https://security.gentoo.org/glsa/202003-17" } ] } diff --git a/2019/14xxx/CVE-2019-14459.json b/2019/14xxx/CVE-2019-14459.json index a0e808c99f6..3380259f017 100644 --- a/2019/14xxx/CVE-2019-14459.json +++ b/2019/14xxx/CVE-2019-14459.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-9013b5e75d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-17", + "url": "https://security.gentoo.org/glsa/202003-17" } ] } diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 7cdef268456..80d0e15d016 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json @@ -101,6 +101,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-16", + "url": "https://security.gentoo.org/glsa/202003-16" } ] } diff --git a/2019/5xxx/CVE-2019-5827.json b/2019/5xxx/CVE-2019-5827.json index 0e501766275..8e45adcac2f 100644 --- a/2019/5xxx/CVE-2019-5827.json +++ b/2019/5xxx/CVE-2019-5827.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-5827", - "ASSIGNER": "security@google.com", + "ASSIGNER": "chrome-cve-admin@google.com", "STATE": "PUBLIC" }, "affects": { @@ -84,6 +84,11 @@ "refsource": "UBUNTU", "name": "USN-4205-1", "url": "https://usn.ubuntu.com/4205-1/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-16", + "url": "https://security.gentoo.org/glsa/202003-16" } ] }, diff --git a/2020/10xxx/CVE-2020-10531.json b/2020/10xxx/CVE-2020-10531.json index ce30319fe8a..361104f3471 100644 --- a/2020/10xxx/CVE-2020-10531.json +++ b/2020/10xxx/CVE-2020-10531.json @@ -86,6 +86,11 @@ "url": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca", "refsource": "MISC", "name": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-15", + "url": "https://security.gentoo.org/glsa/202003-15" } ] } diff --git a/2020/9xxx/CVE-2020-9327.json b/2020/9xxx/CVE-2020-9327.json index b7d62e4f1e9..c1d95bd51cc 100644 --- a/2020/9xxx/CVE-2020-9327.json +++ b/2020/9xxx/CVE-2020-9327.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200313-0002/", "url": "https://security.netapp.com/advisory/ntap-20200313-0002/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-16", + "url": "https://security.gentoo.org/glsa/202003-16" } ] } From c39574d93555a39b964110f56ee8e722721caa21 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 05:01:15 +0000 Subject: [PATCH 117/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10161.json | 5 +++++ 2019/10xxx/CVE-2019-10166.json | 5 +++++ 2019/10xxx/CVE-2019-10167.json | 5 +++++ 2019/10xxx/CVE-2019-10168.json | 5 +++++ 2020/8xxx/CVE-2020-8597.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2019/10xxx/CVE-2019-10161.json b/2019/10xxx/CVE-2019-10161.json index 0d48c549bab..2930b34f2c1 100644 --- a/2019/10xxx/CVE-2019-10161.json +++ b/2019/10xxx/CVE-2019-10161.json @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-4047-2", "url": "https://usn.ubuntu.com/4047-2/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-18", + "url": "https://security.gentoo.org/glsa/202003-18" } ] }, diff --git a/2019/10xxx/CVE-2019-10166.json b/2019/10xxx/CVE-2019-10166.json index bae633620b9..ad7070de072 100644 --- a/2019/10xxx/CVE-2019-10166.json +++ b/2019/10xxx/CVE-2019-10166.json @@ -56,6 +56,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166", "refsource": "CONFIRM" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-18", + "url": "https://security.gentoo.org/glsa/202003-18" } ] }, diff --git a/2019/10xxx/CVE-2019-10167.json b/2019/10xxx/CVE-2019-10167.json index ecec118c329..15630e43fe4 100644 --- a/2019/10xxx/CVE-2019-10167.json +++ b/2019/10xxx/CVE-2019-10167.json @@ -64,6 +64,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167", "refsource": "CONFIRM" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-18", + "url": "https://security.gentoo.org/glsa/202003-18" } ] }, diff --git a/2019/10xxx/CVE-2019-10168.json b/2019/10xxx/CVE-2019-10168.json index 2096735bb4a..54ddbaa9280 100644 --- a/2019/10xxx/CVE-2019-10168.json +++ b/2019/10xxx/CVE-2019-10168.json @@ -64,6 +64,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168", "refsource": "CONFIRM" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-18", + "url": "https://security.gentoo.org/glsa/202003-18" } ] }, diff --git a/2020/8xxx/CVE-2020-8597.json b/2020/8xxx/CVE-2020-8597.json index 13851cf0c9b..1d27b96909f 100644 --- a/2020/8xxx/CVE-2020-8597.json +++ b/2020/8xxx/CVE-2020-8597.json @@ -131,6 +131,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200313-0004/", "url": "https://security.netapp.com/advisory/ntap-20200313-0004/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-19", + "url": "https://security.gentoo.org/glsa/202003-19" } ] } From 84e39c5ae05d279f10d95d167a2c2c4aa6983dfd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 06:01:22 +0000 Subject: [PATCH 118/144] "-Synchronized-Data." --- 2019/16xxx/CVE-2019-16884.json | 5 +++++ 2019/19xxx/CVE-2019-19921.json | 5 +++++ 2019/5xxx/CVE-2019-5736.json | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/2019/16xxx/CVE-2019-16884.json b/2019/16xxx/CVE-2019-16884.json index ca0aa284c20..0b3ae6483ed 100644 --- a/2019/16xxx/CVE-2019-16884.json +++ b/2019/16xxx/CVE-2019-16884.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0045", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-21", + "url": "https://security.gentoo.org/glsa/202003-21" } ] } diff --git a/2019/19xxx/CVE-2019-19921.json b/2019/19xxx/CVE-2019-19921.json index 40e237ca4ed..b8454bf5d55 100644 --- a/2019/19xxx/CVE-2019-19921.json +++ b/2019/19xxx/CVE-2019-19921.json @@ -86,6 +86,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0695", "url": "https://access.redhat.com/errata/RHSA-2020:0695" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-21", + "url": "https://security.gentoo.org/glsa/202003-21" } ] } diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json index a47fbc94704..422bb668dbd 100644 --- a/2019/5xxx/CVE-2019-5736.json +++ b/2019/5xxx/CVE-2019-5736.json @@ -346,6 +346,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-21", + "url": "https://security.gentoo.org/glsa/202003-21" } ] } From 366085613397265dd7dc450f5ab555facbf2d9f2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 07:01:19 +0000 Subject: [PATCH 119/144] "-Synchronized-Data." --- 2019/8xxx/CVE-2019-8625.json | 5 +++++ 2019/8xxx/CVE-2019-8674.json | 5 +++++ 2019/8xxx/CVE-2019-8707.json | 5 +++++ 2019/8xxx/CVE-2019-8710.json | 5 +++++ 2019/8xxx/CVE-2019-8719.json | 5 +++++ 2019/8xxx/CVE-2019-8726.json | 5 +++++ 2019/8xxx/CVE-2019-8733.json | 5 +++++ 2019/8xxx/CVE-2019-8735.json | 5 +++++ 2019/8xxx/CVE-2019-8743.json | 5 +++++ 2019/8xxx/CVE-2019-8763.json | 5 +++++ 2019/8xxx/CVE-2019-8764.json | 5 +++++ 2019/8xxx/CVE-2019-8765.json | 5 +++++ 2019/8xxx/CVE-2019-8766.json | 5 +++++ 2019/8xxx/CVE-2019-8768.json | 5 +++++ 2019/8xxx/CVE-2019-8769.json | 5 +++++ 2019/8xxx/CVE-2019-8782.json | 5 +++++ 2019/8xxx/CVE-2019-8783.json | 5 +++++ 2019/8xxx/CVE-2019-8808.json | 5 +++++ 2019/8xxx/CVE-2019-8811.json | 5 +++++ 2019/8xxx/CVE-2019-8812.json | 5 +++++ 2019/8xxx/CVE-2019-8813.json | 5 +++++ 2019/8xxx/CVE-2019-8814.json | 5 +++++ 2019/8xxx/CVE-2019-8815.json | 5 +++++ 2019/8xxx/CVE-2019-8816.json | 5 +++++ 2019/8xxx/CVE-2019-8819.json | 5 +++++ 2019/8xxx/CVE-2019-8820.json | 5 +++++ 2019/8xxx/CVE-2019-8821.json | 5 +++++ 2019/8xxx/CVE-2019-8822.json | 5 +++++ 2019/8xxx/CVE-2019-8823.json | 5 +++++ 2020/3xxx/CVE-2020-3862.json | 5 +++++ 2020/3xxx/CVE-2020-3865.json | 5 +++++ 2020/3xxx/CVE-2020-3867.json | 5 +++++ 2020/3xxx/CVE-2020-3868.json | 5 +++++ 33 files changed, 165 insertions(+) diff --git a/2019/8xxx/CVE-2019-8625.json b/2019/8xxx/CVE-2019-8625.json index 092210169a8..7ca563f5cc4 100644 --- a/2019/8xxx/CVE-2019-8625.json +++ b/2019/8xxx/CVE-2019-8625.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8674.json b/2019/8xxx/CVE-2019-8674.json index 330c7f4e878..d1d164e450c 100644 --- a/2019/8xxx/CVE-2019-8674.json +++ b/2019/8xxx/CVE-2019-8674.json @@ -65,6 +65,11 @@ "url": "https://support.apple.com/HT210608", "refsource": "MISC", "name": "https://support.apple.com/HT210608" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8707.json b/2019/8xxx/CVE-2019-8707.json index 401460a5566..27538ceeb64 100644 --- a/2019/8xxx/CVE-2019-8707.json +++ b/2019/8xxx/CVE-2019-8707.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8710.json b/2019/8xxx/CVE-2019-8710.json index de3d60a39f9..b812ea7b249 100644 --- a/2019/8xxx/CVE-2019-8710.json +++ b/2019/8xxx/CVE-2019-8710.json @@ -49,6 +49,11 @@ "url": "https://support.apple.com/HT210727", "refsource": "MISC", "name": "https://support.apple.com/HT210727" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8719.json b/2019/8xxx/CVE-2019-8719.json index 25d8750f212..2555eff9e68 100644 --- a/2019/8xxx/CVE-2019-8719.json +++ b/2019/8xxx/CVE-2019-8719.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8726.json b/2019/8xxx/CVE-2019-8726.json index 346b180e1c1..ca5ef594287 100644 --- a/2019/8xxx/CVE-2019-8726.json +++ b/2019/8xxx/CVE-2019-8726.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8733.json b/2019/8xxx/CVE-2019-8733.json index e3808810a2a..ba86ca846d2 100644 --- a/2019/8xxx/CVE-2019-8733.json +++ b/2019/8xxx/CVE-2019-8733.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8735.json b/2019/8xxx/CVE-2019-8735.json index 54584d0bf94..175e9dcf9f2 100644 --- a/2019/8xxx/CVE-2019-8735.json +++ b/2019/8xxx/CVE-2019-8735.json @@ -92,6 +92,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8743.json b/2019/8xxx/CVE-2019-8743.json index 0741b105f2d..e8888a46bca 100644 --- a/2019/8xxx/CVE-2019-8743.json +++ b/2019/8xxx/CVE-2019-8743.json @@ -49,6 +49,11 @@ "url": "https://support.apple.com/HT210724", "refsource": "MISC", "name": "https://support.apple.com/HT210724" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8763.json b/2019/8xxx/CVE-2019-8763.json index 20316e3597e..532bf100c8f 100644 --- a/2019/8xxx/CVE-2019-8763.json +++ b/2019/8xxx/CVE-2019-8763.json @@ -114,6 +114,11 @@ "url": "https://support.apple.com/HT210637", "refsource": "MISC", "name": "https://support.apple.com/HT210637" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8764.json b/2019/8xxx/CVE-2019-8764.json index ced7f64da7f..0d9b31d7348 100644 --- a/2019/8xxx/CVE-2019-8764.json +++ b/2019/8xxx/CVE-2019-8764.json @@ -49,6 +49,11 @@ "url": "https://support.apple.com/HT210724", "refsource": "MISC", "name": "https://support.apple.com/HT210724" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8765.json b/2019/8xxx/CVE-2019-8765.json index 72a04562a3f..2fb4e7be4a5 100644 --- a/2019/8xxx/CVE-2019-8765.json +++ b/2019/8xxx/CVE-2019-8765.json @@ -49,6 +49,11 @@ "url": "https://support.apple.com/HT210724", "refsource": "MISC", "name": "https://support.apple.com/HT210724" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8766.json b/2019/8xxx/CVE-2019-8766.json index a31c79cb629..aa657111afe 100644 --- a/2019/8xxx/CVE-2019-8766.json +++ b/2019/8xxx/CVE-2019-8766.json @@ -65,6 +65,11 @@ "url": "https://support.apple.com/HT210727", "refsource": "MISC", "name": "https://support.apple.com/HT210727" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8768.json b/2019/8xxx/CVE-2019-8768.json index b488b0e1ca5..19ecb273b1e 100644 --- a/2019/8xxx/CVE-2019-8768.json +++ b/2019/8xxx/CVE-2019-8768.json @@ -49,6 +49,11 @@ "url": "https://support.apple.com/HT210634", "refsource": "MISC", "name": "https://support.apple.com/HT210634" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8769.json b/2019/8xxx/CVE-2019-8769.json index 92ea1f8635d..966ef792528 100644 --- a/2019/8xxx/CVE-2019-8769.json +++ b/2019/8xxx/CVE-2019-8769.json @@ -60,6 +60,11 @@ "url": "https://support.apple.com/HT210634", "refsource": "MISC", "name": "https://support.apple.com/HT210634" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8782.json b/2019/8xxx/CVE-2019-8782.json index 7ff3b38b498..ffa406164d5 100644 --- a/2019/8xxx/CVE-2019-8782.json +++ b/2019/8xxx/CVE-2019-8782.json @@ -113,6 +113,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8783.json b/2019/8xxx/CVE-2019-8783.json index aac6714241e..f2a00eaef2a 100644 --- a/2019/8xxx/CVE-2019-8783.json +++ b/2019/8xxx/CVE-2019-8783.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8808.json b/2019/8xxx/CVE-2019-8808.json index 8643d89bc03..cde97e7d8e2 100644 --- a/2019/8xxx/CVE-2019-8808.json +++ b/2019/8xxx/CVE-2019-8808.json @@ -113,6 +113,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8811.json b/2019/8xxx/CVE-2019-8811.json index 76744a0e7c9..121066d9601 100644 --- a/2019/8xxx/CVE-2019-8811.json +++ b/2019/8xxx/CVE-2019-8811.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8812.json b/2019/8xxx/CVE-2019-8812.json index 6be41396596..53ad132d790 100644 --- a/2019/8xxx/CVE-2019-8812.json +++ b/2019/8xxx/CVE-2019-8812.json @@ -113,6 +113,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8813.json b/2019/8xxx/CVE-2019-8813.json index d94a8779d74..3b4a6fc3fd9 100644 --- a/2019/8xxx/CVE-2019-8813.json +++ b/2019/8xxx/CVE-2019-8813.json @@ -113,6 +113,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8814.json b/2019/8xxx/CVE-2019-8814.json index 1d35a25f28d..cf8f498e03a 100644 --- a/2019/8xxx/CVE-2019-8814.json +++ b/2019/8xxx/CVE-2019-8814.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8815.json b/2019/8xxx/CVE-2019-8815.json index ba9bf293a9a..130dc61c486 100644 --- a/2019/8xxx/CVE-2019-8815.json +++ b/2019/8xxx/CVE-2019-8815.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8816.json b/2019/8xxx/CVE-2019-8816.json index c2888299c50..87e5d48f040 100644 --- a/2019/8xxx/CVE-2019-8816.json +++ b/2019/8xxx/CVE-2019-8816.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8819.json b/2019/8xxx/CVE-2019-8819.json index 2c9ffaa6aad..c04f2d678eb 100644 --- a/2019/8xxx/CVE-2019-8819.json +++ b/2019/8xxx/CVE-2019-8819.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8820.json b/2019/8xxx/CVE-2019-8820.json index ccec9f0b83f..3249cd8fc22 100644 --- a/2019/8xxx/CVE-2019-8820.json +++ b/2019/8xxx/CVE-2019-8820.json @@ -145,6 +145,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8821.json b/2019/8xxx/CVE-2019-8821.json index e2a9d9d3477..6f5442d3361 100644 --- a/2019/8xxx/CVE-2019-8821.json +++ b/2019/8xxx/CVE-2019-8821.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8822.json b/2019/8xxx/CVE-2019-8822.json index 481ad2f0222..cb5d6fa36e9 100644 --- a/2019/8xxx/CVE-2019-8822.json +++ b/2019/8xxx/CVE-2019-8822.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2019/8xxx/CVE-2019-8823.json b/2019/8xxx/CVE-2019-8823.json index 9ca7d42e656..18e7616a915 100644 --- a/2019/8xxx/CVE-2019-8823.json +++ b/2019/8xxx/CVE-2019-8823.json @@ -129,6 +129,11 @@ "url": "https://support.apple.com/HT210725", "refsource": "MISC", "name": "https://support.apple.com/HT210725" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2020/3xxx/CVE-2020-3862.json b/2020/3xxx/CVE-2020-3862.json index 1e68c299361..10259a8c2b0 100644 --- a/2020/3xxx/CVE-2020-3862.json +++ b/2020/3xxx/CVE-2020-3862.json @@ -114,6 +114,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0278", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2020/3xxx/CVE-2020-3865.json b/2020/3xxx/CVE-2020-3865.json index 97120251695..11fe4ade64c 100644 --- a/2020/3xxx/CVE-2020-3865.json +++ b/2020/3xxx/CVE-2020-3865.json @@ -114,6 +114,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0278", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2020/3xxx/CVE-2020-3867.json b/2020/3xxx/CVE-2020-3867.json index bda008f5745..2a76f50eb7b 100644 --- a/2020/3xxx/CVE-2020-3867.json +++ b/2020/3xxx/CVE-2020-3867.json @@ -114,6 +114,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0278", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, diff --git a/2020/3xxx/CVE-2020-3868.json b/2020/3xxx/CVE-2020-3868.json index 97a514e8956..007b4bf71e3 100644 --- a/2020/3xxx/CVE-2020-3868.json +++ b/2020/3xxx/CVE-2020-3868.json @@ -119,6 +119,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0278", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-22", + "url": "https://security.gentoo.org/glsa/202003-22" } ] }, From 5130cd44fda5f75ed4536a3be7544ecc42dd4171 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 13:01:12 +0000 Subject: [PATCH 120/144] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15126.json | 5 +++++ 2020/7xxx/CVE-2020-7059.json | 5 +++++ 2020/7xxx/CVE-2020-7060.json | 5 +++++ 2020/7xxx/CVE-2020-7062.json | 5 +++++ 2020/7xxx/CVE-2020-7063.json | 5 +++++ 5 files changed, 25 insertions(+) diff --git a/2019/15xxx/CVE-2019-15126.json b/2019/15xxx/CVE-2019-15126.json index 09cbcff3d6f..cc8984e0b33 100644 --- a/2019/15xxx/CVE-2019-15126.json +++ b/2019/15xxx/CVE-2019-15126.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_20_03", + "url": "https://www.synology.com/security/advisory/Synology_SA_20_03" } ] } diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json index 13e26a0ed59..3caeacd585d 100644 --- a/2020/7xxx/CVE-2020-7059.json +++ b/2020/7xxx/CVE-2020-7059.json @@ -130,6 +130,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0341", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json index 5654b4449b0..f1cbb7cc540 100644 --- a/2020/7xxx/CVE-2020-7060.json +++ b/2020/7xxx/CVE-2020-7060.json @@ -130,6 +130,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0341", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7062.json b/2020/7xxx/CVE-2020-7062.json index d6795d5d42e..67de6755f20 100644 --- a/2020/7xxx/CVE-2020-7062.json +++ b/2020/7xxx/CVE-2020-7062.json @@ -101,6 +101,11 @@ "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=79221", "name": "https://bugs.php.net/bug.php?id=79221" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0341", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7063.json b/2020/7xxx/CVE-2020-7063.json index 028e414b42d..5770c2a5197 100644 --- a/2020/7xxx/CVE-2020-7063.json +++ b/2020/7xxx/CVE-2020-7063.json @@ -95,6 +95,11 @@ "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=79082", "name": "https://bugs.php.net/bug.php?id=79082" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0341", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html" } ] }, From eea7d36436366ba2c10d330d710f7b6b569e3f45 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 16:01:16 +0000 Subject: [PATCH 121/144] "-Synchronized-Data." --- 2015/9xxx/CVE-2015-9251.json | 5 +++++ 2018/14xxx/CVE-2018-14040.json | 5 +++++ 2018/14xxx/CVE-2018-14041.json | 10 ++++++++++ 2018/14xxx/CVE-2018-14042.json | 10 ++++++++++ 2019/11xxx/CVE-2019-11358.json | 5 +++++ 2019/2xxx/CVE-2019-2201.json | 5 +++++ 2019/8xxx/CVE-2019-8331.json | 5 +++++ 2020/0xxx/CVE-2020-0796.json | 10 ++++++++++ 2020/1xxx/CVE-2020-1737.json | 10 ++++++++++ 2020/1xxx/CVE-2020-1739.json | 10 ++++++++++ 10 files changed, 75 insertions(+) diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index fe12ae4229a..7391a83ebc4 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json @@ -206,6 +206,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0729", "url": "https://access.redhat.com/errata/RHSA-2020:0729" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2018/14xxx/CVE-2018-14040.json b/2018/14xxx/CVE-2018-14040.json index c2a9bee4d26..50a2829c9d0 100644 --- a/2018/14xxx/CVE-2018-14040.json +++ b/2018/14xxx/CVE-2018-14040.json @@ -121,6 +121,11 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2018/14xxx/CVE-2018-14041.json b/2018/14xxx/CVE-2018-14041.json index 48680716aed..85314e4d0fd 100644 --- a/2018/14xxx/CVE-2018-14041.json +++ b/2018/14xxx/CVE-2018-14041.json @@ -116,6 +116,16 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2018/14xxx/CVE-2018-14042.json b/2018/14xxx/CVE-2018-14042.json index 957d4805481..156b417807e 100644 --- a/2018/14xxx/CVE-2018-14042.json +++ b/2018/14xxx/CVE-2018-14042.json @@ -106,6 +106,16 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index 79fcba07e6c..bedeebd3852 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json @@ -311,6 +311,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2019/2xxx/CVE-2019-2201.json b/2019/2xxx/CVE-2019-2201.json index bd5ee5f79b2..57072573d81 100644 --- a/2019/2xxx/CVE-2019-2201.json +++ b/2019/2xxx/CVE-2019-2201.json @@ -68,6 +68,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2530", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00048.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-23", + "url": "https://security.gentoo.org/glsa/202003-23" } ] }, diff --git a/2019/8xxx/CVE-2019-8331.json b/2019/8xxx/CVE-2019-8331.json index 7199e8ec048..8a0de13d448 100644 --- a/2019/8xxx/CVE-2019-8331.json +++ b/2019/8xxx/CVE-2019-8331.json @@ -161,6 +161,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", + "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" } ] } diff --git a/2020/0xxx/CVE-2020-0796.json b/2020/0xxx/CVE-2020-0796.json index 274d7184ca5..58d816ba053 100644 --- a/2020/0xxx/CVE-2020-0796.json +++ b/2020/0xxx/CVE-2020-0796.json @@ -126,6 +126,16 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html" } ] } diff --git a/2020/1xxx/CVE-2020-1737.json b/2020/1xxx/CVE-2020-1737.json index e49e83f06d4..d27b59d419d 100644 --- a/2020/1xxx/CVE-2020-1737.json +++ b/2020/1xxx/CVE-2020-1737.json @@ -62,6 +62,16 @@ "url": "https://github.com/ansible/ansible/issues/67795", "name": "https://github.com/ansible/ansible/issues/67795", "refsource": "MISC" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a3f12bcff4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0cab7041f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" } ] }, diff --git a/2020/1xxx/CVE-2020-1739.json b/2020/1xxx/CVE-2020-1739.json index 4bdcb57dbbb..adf703d9809 100644 --- a/2020/1xxx/CVE-2020-1739.json +++ b/2020/1xxx/CVE-2020-1739.json @@ -59,6 +59,16 @@ "url": "https://github.com/ansible/ansible/issues/67797", "name": "https://github.com/ansible/ansible/issues/67797", "refsource": "MISC" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a3f12bcff4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-0cab7041f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/" } ] }, From e2776f3114e8befad8bd99bcfb93f927b833c606 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 17:01:12 +0000 Subject: [PATCH 122/144] "-Synchronized-Data." --- 2017/17xxx/CVE-2017-17095.json | 5 +++++ 2018/19xxx/CVE-2018-19210.json | 5 +++++ 2019/17xxx/CVE-2019-17546.json | 5 +++++ 2019/18xxx/CVE-2019-18218.json | 5 +++++ 2019/6xxx/CVE-2019-6128.json | 5 +++++ 2019/7xxx/CVE-2019-7663.json | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/2017/17xxx/CVE-2017-17095.json b/2017/17xxx/CVE-2017-17095.json index ee0ba9a0fad..8859513873b 100644 --- a/2017/17xxx/CVE-2017-17095.json +++ b/2017/17xxx/CVE-2017-17095.json @@ -86,6 +86,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-25", + "url": "https://security.gentoo.org/glsa/202003-25" } ] } diff --git a/2018/19xxx/CVE-2018-19210.json b/2018/19xxx/CVE-2018-19210.json index c72e58dcfd9..603b5d46038 100644 --- a/2018/19xxx/CVE-2018-19210.json +++ b/2018/19xxx/CVE-2018-19210.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html", "url": "http://packetstormsecurity.com/files/155095/Slackware-Security-Advisory-libtiff-Updates.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-25", + "url": "https://security.gentoo.org/glsa/202003-25" } ] } diff --git a/2019/17xxx/CVE-2019-17546.json b/2019/17xxx/CVE-2019-17546.json index 36c889acaa4..73db7552dd1 100644 --- a/2019/17xxx/CVE-2019-17546.json +++ b/2019/17xxx/CVE-2019-17546.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6f1209bb45", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3S4WNIMZ7XSLY2LD5FPRPZMGNUBVKOG/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-25", + "url": "https://security.gentoo.org/glsa/202003-25" } ] } diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json index 02d3c488d50..bbbc99ffb04 100644 --- a/2019/18xxx/CVE-2019-18218.json +++ b/2019/18xxx/CVE-2019-18218.json @@ -101,6 +101,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200115-0001/", "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-24", + "url": "https://security.gentoo.org/glsa/202003-24" } ] } diff --git a/2019/6xxx/CVE-2019-6128.json b/2019/6xxx/CVE-2019-6128.json index 158bbb392d9..42f22fdb4fa 100644 --- a/2019/6xxx/CVE-2019-6128.json +++ b/2019/6xxx/CVE-2019-6128.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-25", + "url": "https://security.gentoo.org/glsa/202003-25" } ] } diff --git a/2019/7xxx/CVE-2019-7663.json b/2019/7xxx/CVE-2019-7663.json index 3a9c2df7108..1b4fa4b5a83 100644 --- a/2019/7xxx/CVE-2019-7663.json +++ b/2019/7xxx/CVE-2019-7663.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39", "url": "https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-25", + "url": "https://security.gentoo.org/glsa/202003-25" } ] } From 463af1df4a125e7f2cab298bf547e00bb1291622 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 18:01:13 +0000 Subject: [PATCH 123/144] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15608.json | 65 ++++++++++++++++++++++++++++++++++ 2020/8xxx/CVE-2020-8141.json | 50 ++++++++++++++++++++++++-- 2 files changed, 112 insertions(+), 3 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15608.json diff --git a/2019/15xxx/CVE-2019-15608.json b/2019/15xxx/CVE-2019-15608.json new file mode 100644 index 00000000000..3a3873f537b --- /dev/null +++ b/2019/15xxx/CVE-2019-15608.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15608", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "yarn", + "version": { + "version_data": [ + { + "version_value": "before 1.19.0" + }, + { + "version_value": "fixed in 1.19.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Business Logic Errors (CWE-840)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/703138", + "url": "https://hackerone.com/reports/703138" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8141.json b/2020/8xxx/CVE-2020-8141.json index d8556cc78b4..0ccc3a26537 100644 --- a/2020/8xxx/CVE-2020-8141.json +++ b/2020/8xxx/CVE-2020-8141.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "dot", + "version": { + "version_data": [ + { + "version_value": "1.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection (CWE-94)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/390929", + "url": "https://hackerone.com/reports/390929" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype." } ] } From 32095e279f9a31b4fc338168dc9e5ba2d642e850 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 19:01:12 +0000 Subject: [PATCH 124/144] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20852.json | 5 +++++ 2019/14xxx/CVE-2019-14889.json | 5 +++++ 2019/18xxx/CVE-2019-18408.json | 5 +++++ 2019/19xxx/CVE-2019-19604.json | 5 +++++ 2019/1xxx/CVE-2019-1348.json | 5 +++++ 2019/1xxx/CVE-2019-1349.json | 5 +++++ 2019/1xxx/CVE-2019-1350.json | 5 +++++ 2019/1xxx/CVE-2019-1351.json | 5 +++++ 2019/1xxx/CVE-2019-1352.json | 5 +++++ 2019/1xxx/CVE-2019-1353.json | 5 +++++ 2019/1xxx/CVE-2019-1354.json | 5 +++++ 2019/1xxx/CVE-2019-1387.json | 5 +++++ 2019/5xxx/CVE-2019-5010.json | 5 +++++ 2019/5xxx/CVE-2019-5435.json | 5 +++++ 2019/5xxx/CVE-2019-5436.json | 5 +++++ 2019/5xxx/CVE-2019-5481.json | 5 +++++ 2019/5xxx/CVE-2019-5482.json | 5 +++++ 2019/9xxx/CVE-2019-9636.json | 5 +++++ 2019/9xxx/CVE-2019-9740.json | 5 +++++ 2019/9xxx/CVE-2019-9947.json | 5 +++++ 2019/9xxx/CVE-2019-9948.json | 5 +++++ 2020/9xxx/CVE-2020-9308.json | 5 +++++ 22 files changed, 110 insertions(+) diff --git a/2018/20xxx/CVE-2018-20852.json b/2018/20xxx/CVE-2018-20852.json index 94b3503f277..4c8a2de0571 100644 --- a/2018/20xxx/CVE-2018-20852.json +++ b/2018/20xxx/CVE-2018-20852.json @@ -121,6 +121,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] } diff --git a/2019/14xxx/CVE-2019-14889.json b/2019/14xxx/CVE-2019-14889.json index 58d4f553756..8faf75b5756 100644 --- a/2019/14xxx/CVE-2019-14889.json +++ b/2019/14xxx/CVE-2019-14889.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0102", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-27", + "url": "https://security.gentoo.org/glsa/202003-27" } ] }, diff --git a/2019/18xxx/CVE-2019-18408.json b/2019/18xxx/CVE-2019-18408.json index 0d142c4b620..caabc16d641 100644 --- a/2019/18xxx/CVE-2019-18408.json +++ b/2019/18xxx/CVE-2019-18408.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0203", "url": "https://access.redhat.com/errata/RHSA-2020:0203" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-28", + "url": "https://security.gentoo.org/glsa/202003-28" } ] } diff --git a/2019/19xxx/CVE-2019-19604.json b/2019/19xxx/CVE-2019-19604.json index 47b5946595f..0ea019bfd54 100644 --- a/2019/19xxx/CVE-2019-19604.json +++ b/2019/19xxx/CVE-2019-19604.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0123", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 6721fb0125d..65e3b3996ab 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -68,6 +68,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0228", "url": "https://access.redhat.com/errata/RHSA-2020:0228" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] }, diff --git a/2019/1xxx/CVE-2019-1349.json b/2019/1xxx/CVE-2019-1349.json index 33f20393bf9..ef48ead48bc 100644 --- a/2019/1xxx/CVE-2019-1349.json +++ b/2019/1xxx/CVE-2019-1349.json @@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0228", "url": "https://access.redhat.com/errata/RHSA-2020:0228" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1350.json b/2019/1xxx/CVE-2019-1350.json index a6d05a6be5b..98696f48a79 100644 --- a/2019/1xxx/CVE-2019-1350.json +++ b/2019/1xxx/CVE-2019-1350.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0123", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1351.json b/2019/1xxx/CVE-2019-1351.json index 3ab1b576c81..e4b0eec98d5 100644 --- a/2019/1xxx/CVE-2019-1351.json +++ b/2019/1xxx/CVE-2019-1351.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0123", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1352.json b/2019/1xxx/CVE-2019-1352.json index f9760b622a2..d5d6a0f26b0 100644 --- a/2019/1xxx/CVE-2019-1352.json +++ b/2019/1xxx/CVE-2019-1352.json @@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0228", "url": "https://access.redhat.com/errata/RHSA-2020:0228" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index 04c57c04820..ea115b3aa2e 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json @@ -58,6 +58,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0123", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] }, diff --git a/2019/1xxx/CVE-2019-1354.json b/2019/1xxx/CVE-2019-1354.json index 069b41d1dfc..331e6ae440d 100644 --- a/2019/1xxx/CVE-2019-1354.json +++ b/2019/1xxx/CVE-2019-1354.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0123", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] } diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json index efb7b0c1fda..fce76916b50 100644 --- a/2019/1xxx/CVE-2019-1387.json +++ b/2019/1xxx/CVE-2019-1387.json @@ -118,6 +118,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0228", "url": "https://access.redhat.com/errata/RHSA-2020:0228" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-30", + "url": "https://security.gentoo.org/glsa/202003-30" } ] }, diff --git a/2019/5xxx/CVE-2019-5010.json b/2019/5xxx/CVE-2019-5010.json index 33d5e1845cc..84bc88c0137 100644 --- a/2019/5xxx/CVE-2019-5010.json +++ b/2019/5xxx/CVE-2019-5010.json @@ -63,6 +63,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] }, diff --git a/2019/5xxx/CVE-2019-5435.json b/2019/5xxx/CVE-2019-5435.json index 954ed971159..e2db9b8e475 100644 --- a/2019/5xxx/CVE-2019-5435.json +++ b/2019/5xxx/CVE-2019-5435.json @@ -68,6 +68,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-29", + "url": "https://security.gentoo.org/glsa/202003-29" } ] }, diff --git a/2019/5xxx/CVE-2019-5436.json b/2019/5xxx/CVE-2019-5436.json index 8328e4f1e2c..d38d89f7327 100644 --- a/2019/5xxx/CVE-2019-5436.json +++ b/2019/5xxx/CVE-2019-5436.json @@ -98,6 +98,11 @@ "refsource": "BUGTRAQ", "name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "url": "https://seclists.org/bugtraq/2020/Feb/36" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-29", + "url": "https://security.gentoo.org/glsa/202003-29" } ] }, diff --git a/2019/5xxx/CVE-2019-5481.json b/2019/5xxx/CVE-2019-5481.json index eea61fd1127..ef968052725 100644 --- a/2019/5xxx/CVE-2019-5481.json +++ b/2019/5xxx/CVE-2019-5481.json @@ -93,6 +93,11 @@ "refsource": "BUGTRAQ", "name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "url": "https://seclists.org/bugtraq/2020/Feb/36" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-29", + "url": "https://security.gentoo.org/glsa/202003-29" } ] }, diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json index d6ff2bc2673..18258763df2 100644 --- a/2019/5xxx/CVE-2019-5482.json +++ b/2019/5xxx/CVE-2019-5482.json @@ -93,6 +93,11 @@ "refsource": "BUGTRAQ", "name": "20200225 [SECURITY] [DSA 4633-1] curl security update", "url": "https://seclists.org/bugtraq/2020/Feb/36" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-29", + "url": "https://security.gentoo.org/glsa/202003-29" } ] }, diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index 61c352b3f52..d181d9eaf7c 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json @@ -291,6 +291,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] } diff --git a/2019/9xxx/CVE-2019-9740.json b/2019/9xxx/CVE-2019-9740.json index f5151d2e757..161e080b8c3 100644 --- a/2019/9xxx/CVE-2019-9740.json +++ b/2019/9xxx/CVE-2019-9740.json @@ -171,6 +171,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] } diff --git a/2019/9xxx/CVE-2019-9947.json b/2019/9xxx/CVE-2019-9947.json index 84b1296156f..6c983cf5ad4 100644 --- a/2019/9xxx/CVE-2019-9947.json +++ b/2019/9xxx/CVE-2019-9947.json @@ -136,6 +136,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0086", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] } diff --git a/2019/9xxx/CVE-2019-9948.json b/2019/9xxx/CVE-2019-9948.json index 68f4bc31c9d..52e418b8666 100644 --- a/2019/9xxx/CVE-2019-9948.json +++ b/2019/9xxx/CVE-2019-9948.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3520", "url": "https://access.redhat.com/errata/RHSA-2019:3520" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-26", + "url": "https://security.gentoo.org/glsa/202003-26" } ] } diff --git a/2020/9xxx/CVE-2020-9308.json b/2020/9xxx/CVE-2020-9308.json index d7ec25dde2f..57912ad7cb8 100644 --- a/2020/9xxx/CVE-2020-9308.json +++ b/2020/9xxx/CVE-2020-9308.json @@ -66,6 +66,11 @@ "url": "https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a", "refsource": "MISC", "name": "https://github.com/libarchive/libarchive/pull/1326/commits/94821008d6eea81e315c5881cdf739202961040a" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-28", + "url": "https://security.gentoo.org/glsa/202003-28" } ] } From 117bd7aa89e8d004d77287a1041cb090e90f344b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 21:01:15 +0000 Subject: [PATCH 125/144] "-Synchronized-Data." --- 2019/1010xxx/CVE-2019-1010180.json | 5 +++ 2019/13xxx/CVE-2019-13627.json | 5 +++ 2020/10xxx/CVE-2020-10588.json | 56 ++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10589.json | 56 ++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10590.json | 18 ++++++++ 2020/10xxx/CVE-2020-10591.json | 67 ++++++++++++++++++++++++++++++ 6 files changed, 195 insertions(+), 12 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10590.json create mode 100644 2020/10xxx/CVE-2020-10591.json diff --git a/2019/1010xxx/CVE-2019-1010180.json b/2019/1010xxx/CVE-2019-1010180.json index 83762c5093b..3c74398dd0b 100644 --- a/2019/1010xxx/CVE-2019-1010180.json +++ b/2019/1010xxx/CVE-2019-1010180.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2494", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-31", + "url": "https://security.gentoo.org/glsa/202003-31" } ] } diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json index 01f85e5c732..4a75a9d13c9 100644 --- a/2019/13xxx/CVE-2019-13627.json +++ b/2019/13xxx/CVE-2019-13627.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4236-3", "url": "https://usn.ubuntu.com/4236-3/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-32", + "url": "https://security.gentoo.org/glsa/202003-32" } ] } diff --git a/2020/10xxx/CVE-2020-10588.json b/2020/10xxx/CVE-2020-10588.json index 88cb699b536..744d0b8bb76 100644 --- a/2020/10xxx/CVE-2020-10588.json +++ b/2020/10xxx/CVE-2020-10588.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp1-sh" } ] } diff --git a/2020/10xxx/CVE-2020-10589.json b/2020/10xxx/CVE-2020-10589.json index 0a06712c0a7..81887c7a453 100644 --- a/2020/10xxx/CVE-2020-10589.json +++ b/2020/10xxx/CVE-2020-10589.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh", + "refsource": "MISC", + "name": "https://gist.github.com/bash-c/6ac238e8b15e60c9105e8cb6b42ec43c#file-v2rayl-lpe-exp2-sh" } ] } diff --git a/2020/10xxx/CVE-2020-10590.json b/2020/10xxx/CVE-2020-10590.json new file mode 100644 index 00000000000..2b855aa2793 --- /dev/null +++ b/2020/10xxx/CVE-2020-10590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10591.json b/2020/10xxx/CVE-2020-10591.json new file mode 100644 index 00000000000..086e7af2abd --- /dev/null +++ b/2020/10xxx/CVE-2020-10591.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/walmartlabs/concord/issues/22", + "refsource": "MISC", + "name": "https://github.com/walmartlabs/concord/issues/22" + }, + { + "url": "https://github.com/walmartlabs/concord/compare/1.43.0...1.44.0", + "refsource": "MISC", + "name": "https://github.com/walmartlabs/concord/compare/1.43.0...1.44.0" + } + ] + } +} \ No newline at end of file From 525f62085d3c815d8d334dec216531cf00fbc499 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 22:01:14 +0000 Subject: [PATCH 126/144] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17569.json | 5 +++ 2019/20xxx/CVE-2019-20446.json | 5 +++ 2019/2xxx/CVE-2019-2058.json | 58 +++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2088.json | 58 +++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2089.json | 58 +++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2216.json | 58 +++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9288.json | 4 +- 2019/9xxx/CVE-2019-9473.json | 58 +++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9474.json | 58 +++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9928.json | 5 +++ 2020/0xxx/CVE-2020-0086.json | 62 +++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0088.json | 62 +++++++++++++++++++++++++++++ 2020/10xxx/CVE-2020-10592.json | 18 +++++++++ 2020/10xxx/CVE-2020-10593.json | 18 +++++++++ 2020/10xxx/CVE-2020-10594.json | 72 ++++++++++++++++++++++++++++++++++ 2020/1xxx/CVE-2020-1935.json | 5 +++ 2020/1xxx/CVE-2020-1938.json | 5 +++ 2020/7xxx/CVE-2020-7601.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7602.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7603.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7604.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7605.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7606.json | 50 +++++++++++++++++++++-- 2020/7xxx/CVE-2020-7607.json | 50 +++++++++++++++++++++-- 2020/9xxx/CVE-2020-9287.json | 50 +++++++++++++++++++++-- 2020/9xxx/CVE-2020-9290.json | 50 +++++++++++++++++++++-- 26 files changed, 988 insertions(+), 71 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0086.json create mode 100644 2020/0xxx/CVE-2020-0088.json create mode 100644 2020/10xxx/CVE-2020-10592.json create mode 100644 2020/10xxx/CVE-2020-10593.json create mode 100644 2020/10xxx/CVE-2020-10594.json diff --git a/2019/17xxx/CVE-2019-17569.json b/2019/17xxx/CVE-2019-17569.json index bc56a6e83d6..13b566b64c7 100644 --- a/2019/17xxx/CVE-2019-17569.json +++ b/2019/17xxx/CVE-2019-17569.json @@ -59,6 +59,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0345", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" } ] }, diff --git a/2019/20xxx/CVE-2019-20446.json b/2019/20xxx/CVE-2019-20446.json index 3004007b7bb..de0a803e312 100644 --- a/2019/20xxx/CVE-2019-20446.json +++ b/2019/20xxx/CVE-2019-20446.json @@ -56,6 +56,11 @@ "url": "https://gitlab.gnome.org/GNOME/librsvg/issues/515", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/librsvg/issues/515" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0343", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html" } ] } diff --git a/2019/2xxx/CVE-2019-2058.json b/2019/2xxx/CVE-2019-2058.json index f87c370a053..8a284cca783 100644 --- a/2019/2xxx/CVE-2019-2058.json +++ b/2019/2xxx/CVE-2019-2058.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2058", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2058", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In libAACdec, there is a possible out of bounds read. This could lead to remote information disclosure, with no additional execution privileges needed. User interaction is needed for exploitation.Product: Android Versions: Android-10 Android ID: A-136089102" } ] } diff --git a/2019/2xxx/CVE-2019-2088.json b/2019/2xxx/CVE-2019-2088.json index fb465d138e2..5c7b20496f4 100644 --- a/2019/2xxx/CVE-2019-2088.json +++ b/2019/2xxx/CVE-2019-2088.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2088", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2088", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In StatsService, there is a possible out of bounds read. This could lead to local information disclosure if UBSAN were not enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-143895055" } ] } diff --git a/2019/2xxx/CVE-2019-2089.json b/2019/2xxx/CVE-2019-2089.json index ac0d5731312..af798e2237a 100644 --- a/2019/2xxx/CVE-2019-2089.json +++ b/2019/2xxx/CVE-2019-2089.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2089", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2089", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-116608833" } ] } diff --git a/2019/2xxx/CVE-2019-2216.json b/2019/2xxx/CVE-2019-2216.json index b20300fa179..b58202f9d7d 100644 --- a/2019/2xxx/CVE-2019-2216.json +++ b/2019/2xxx/CVE-2019-2216.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2216", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2216", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation.Product: Android Versions: Android-10 Android ID: A-38390530" } ] } diff --git a/2019/9xxx/CVE-2019-9288.json b/2019/9xxx/CVE-2019-9288.json index 64275858736..e88c64c58d0 100644 --- a/2019/9xxx/CVE-2019-9288.json +++ b/2019/9xxx/CVE-2019-9288.json @@ -45,7 +45,7 @@ "references": { "reference_data": [ { - "refsource": "MISC", + "refsource": "CONFIRM", "name": "https://source.android.com/security/bulletin/android-10", "url": "https://source.android.com/security/bulletin/android-10" } @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111363077" + "value": "In libhidcommand_jni, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the USB service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android ID: A-111363077" } ] } diff --git a/2019/9xxx/CVE-2019-9473.json b/2019/9xxx/CVE-2019-9473.json index f9a5c31f388..386998c64b5 100644 --- a/2019/9xxx/CVE-2019-9473.json +++ b/2019/9xxx/CVE-2019-9473.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9473", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9473", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-115363533" } ] } diff --git a/2019/9xxx/CVE-2019-9474.json b/2019/9xxx/CVE-2019-9474.json index 6ac821f08ec..adb01e102df 100644 --- a/2019/9xxx/CVE-2019-9474.json +++ b/2019/9xxx/CVE-2019-9474.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9474", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9474", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79996267" } ] } diff --git a/2019/9xxx/CVE-2019-9928.json b/2019/9xxx/CVE-2019-9928.json index 06535676cc0..fbff7042145 100644 --- a/2019/9xxx/CVE-2019-9928.json +++ b/2019/9xxx/CVE-2019-9928.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1639", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-33", + "url": "https://security.gentoo.org/glsa/202003-33" } ] } diff --git a/2020/0xxx/CVE-2020-0086.json b/2020/0xxx/CVE-2020-0086.json new file mode 100644 index 00000000000..12f0f26b4e1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0086.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0086", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are required. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-131859347" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0088.json b/2020/0xxx/CVE-2020-0088.json new file mode 100644 index 00000000000..70ba1bab68d --- /dev/null +++ b/2020/0xxx/CVE-2020-0088.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0088", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/android-10", + "url": "https://source.android.com/security/bulletin/android-10" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android ID: A-124389881" + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10592.json b/2020/10xxx/CVE-2020-10592.json new file mode 100644 index 00000000000..25b5bd39829 --- /dev/null +++ b/2020/10xxx/CVE-2020-10592.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10592", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10593.json b/2020/10xxx/CVE-2020-10593.json new file mode 100644 index 00000000000..1ba6f822a7e --- /dev/null +++ b/2020/10xxx/CVE-2020-10593.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10593", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10594.json b/2020/10xxx/CVE-2020-10594.json new file mode 100644 index 00000000000..e7cc290b58a --- /dev/null +++ b/2020/10xxx/CVE-2020-10594.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-10594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of jpadilla/django-rest-framework-jwt, which is unmaintained." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36", + "refsource": "MISC", + "name": "https://github.com/Styria-Digital/django-rest-framework-jwt/issues/36" + }, + { + "url": "https://pypi.org/project/drf-jwt/1.15.1/#history", + "refsource": "MISC", + "name": "https://pypi.org/project/drf-jwt/1.15.1/#history" + }, + { + "url": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484", + "refsource": "MISC", + "name": "https://github.com/jpadilla/django-rest-framework-jwt/issues/484" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1935.json b/2020/1xxx/CVE-2020-1935.json index 35334abc2ea..c9b4cf4703f 100644 --- a/2020/1xxx/CVE-2020-1935.json +++ b/2020/1xxx/CVE-2020-1935.json @@ -59,6 +59,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0345", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json index 42f5852d712..67c2346e7f9 100644 --- a/2020/1xxx/CVE-2020-1938.json +++ b/2020/1xxx/CVE-2020-1938.json @@ -164,6 +164,11 @@ "refsource": "MLIST", "name": "[tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1", "url": "https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0345", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" } ] }, diff --git a/2020/7xxx/CVE-2020-7601.json b/2020/7xxx/CVE-2020-7601.json index d8d032dd103..7bed5a264a1 100644 --- a/2020/7xxx/CVE-2020-7601.json +++ b/2020/7xxx/CVE-2020-7601.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gulp-scss-lint", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114", + "url": "https://snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the \"exec\" function located in \"src/command.js\" via the provided options." } ] } diff --git a/2020/7xxx/CVE-2020-7602.json b/2020/7xxx/CVE-2020-7602.json index 69a41374107..efe8af2566d 100644 --- a/2020/7xxx/CVE-2020-7602.json +++ b/2020/7xxx/CVE-2020-7602.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "node-prompt-here", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115", + "url": "https://snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "node-prompt-here through 1.0.1 allows execution of arbitrary commands. The \"runCommand()\" is called by \"getDevices()\" function in file \"linux/manager.js\", which is required by the \"index. process.env.NM_CLI\" in the file \"linux/manager.js\". This function is used to construct the argument of function \"execSync()\", which can be controlled by users without any sanitization." } ] } diff --git a/2020/7xxx/CVE-2020-7603.json b/2020/7xxx/CVE-2020-7603.json index c7d17b1185a..05eb5b36c27 100644 --- a/2020/7xxx/CVE-2020-7603.json +++ b/2020/7xxx/CVE-2020-7603.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "closure-compiler-stream", + "version": { + "version_data": [ + { + "version_value": "All versions including 0.1.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123", + "url": "https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument \"options\" of the exports function in \"index.js\" can be controlled by users without any sanitization." } ] } diff --git a/2020/7xxx/CVE-2020-7604.json b/2020/7xxx/CVE-2020-7604.json index b33e66c1735..40056b4d13a 100644 --- a/2020/7xxx/CVE-2020-7604.json +++ b/2020/7xxx/CVE-2020-7604.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "pulverizr", + "version": { + "version_data": [ + { + "version_value": "All versions including 0.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122", + "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command." } ] } diff --git a/2020/7xxx/CVE-2020-7605.json b/2020/7xxx/CVE-2020-7605.json index 48993f9a525..b7218736986 100644 --- a/2020/7xxx/CVE-2020-7605.json +++ b/2020/7xxx/CVE-2020-7605.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gulp-tape", + "version": { + "version_data": [ + { + "version_value": "All versions including 1.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-GULPTAPE-560124", + "url": "https://snyk.io/vuln/SNYK-JS-GULPTAPE-560124" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options." } ] } diff --git a/2020/7xxx/CVE-2020-7606.json b/2020/7xxx/CVE-2020-7606.json index e2fe5d563af..d20ac7aeaba 100644 --- a/2020/7xxx/CVE-2020-7606.json +++ b/2020/7xxx/CVE-2020-7606.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "docker-compose-remote-api", + "version": { + "version_data": [ + { + "version_value": "All versions including 0.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125", + "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization." } ] } diff --git a/2020/7xxx/CVE-2020-7607.json b/2020/7xxx/CVE-2020-7607.json index 994206ad2d3..7a371c7dc55 100644 --- a/2020/7xxx/CVE-2020-7607.json +++ b/2020/7xxx/CVE-2020-7607.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gulp-styledocco", + "version": { + "version_data": [ + { + "version_value": "All versions including 0.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126", + "url": "https://snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization." } ] } diff --git a/2020/9xxx/CVE-2020-9287.json b/2020/9xxx/CVE-2020-9287.json index 0a2044f2a3c..a2a3be58044 100644 --- a/2020/9xxx/CVE-2020-9287.json +++ b/2020/9xxx/CVE-2020-9287.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9287", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClient EMS", + "version": { + "version_data": [ + { + "version_value": "6.2.1 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-060", + "url": "https://fortiguard.com/psirt/FG-IR-19-060" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory." } ] } diff --git a/2020/9xxx/CVE-2020-9290.json b/2020/9xxx/CVE-2020-9290.json index 3e05a6c515a..a7b9dae891f 100644 --- a/2020/9xxx/CVE-2020-9290.json +++ b/2020/9xxx/CVE-2020-9290.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9290", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClient for Windows", + "version": { + "version_data": [ + { + "version_value": "6.2.3 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-060", + "url": "https://fortiguard.com/psirt/FG-IR-19-060" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory." } ] } From 9493c78fb336476abba231c9563d7e8c8dd1415f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 15 Mar 2020 23:01:13 +0000 Subject: [PATCH 127/144] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15708.json | 88 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17654.json | 68 ++++++++++++++++++++++++++ 2019/6xxx/CVE-2019-6696.json | 64 ++++++++++++++++++++++--- 3 files changed, 213 insertions(+), 7 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15708.json create mode 100644 2019/17xxx/CVE-2019-17654.json diff --git a/2019/15xxx/CVE-2019-15708.json b/2019/15xxx/CVE-2019-15708.json new file mode 100644 index 00000000000..7fe2e7f5061 --- /dev/null +++ b/2019/15xxx/CVE-2019-15708.json @@ -0,0 +1,88 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15708", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiAP-S/W2", + "version": { + "version_data": [ + { + "version_value": "6.2.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "6.0.5 and below" + } + ] + } + }, + { + "product_name": "Fortinet FortiAP-U", + "version": { + "version_data": [ + { + "version_value": "6.0.5 and below" + } + ] + } + }, + { + "product_name": "Fortinet FortiAP", + "version": { + "version_data": [ + { + "version_value": "below 6.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-209", + "url": "https://fortiguard.com/psirt/FG-IR-19-209" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17654.json b/2019/17xxx/CVE-2019-17654.json new file mode 100644 index 00000000000..7ab60ac3889 --- /dev/null +++ b/2019/17xxx/CVE-2019-17654.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17654", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiManager", + "version": { + "version_data": [ + { + "version_value": "6.2.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "6.0.6 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-191", + "url": "https://fortiguard.com/psirt/FG-IR-19-191" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6696.json b/2019/6xxx/CVE-2019-6696.json index 21e6de3cf2e..0c535ac3d07 100644 --- a/2019/6xxx/CVE-2019-6696.json +++ b/2019/6xxx/CVE-2019-6696.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6696", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6696", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "6.2.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "6.0.8 and below until 5.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-179", + "url": "https://fortiguard.com/psirt/FG-IR-19-179" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage." } ] } From 633edf1907e45a26f260ecc854b0701cb1b481bb Mon Sep 17 00:00:00 2001 From: Ikuya Fukumoto Date: Mon, 16 Mar 2020 10:14:09 +0900 Subject: [PATCH 128/144] JPCERT/CC 2020-03-16 --- 2020/5xxx/CVE-2020-5542.json | 58 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5543.json | 58 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5544.json | 58 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5545.json | 58 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5546.json | 58 +++++++++++++++++++++++++++++++----- 2020/5xxx/CVE-2020-5547.json | 58 +++++++++++++++++++++++++++++++----- 6 files changed, 306 insertions(+), 42 deletions(-) diff --git a/2020/5xxx/CVE-2020-5542.json b/2020/5xxx/CVE-2020-5542.json index bf7d331e8a7..f48931488f5 100644 --- a/2020/5xxx/CVE-2020-5542.json +++ b/2020/5xxx/CVE-2020-5542.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5542", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5543.json b/2020/5xxx/CVE-2020-5543.json index 69ad2ecf2c8..d34aa5afcde 100644 --- a/2020/5xxx/CVE-2020-5543.json +++ b/2020/5xxx/CVE-2020-5543.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5543", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to manage sessions" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5544.json b/2020/5xxx/CVE-2020-5544.json index 3382f1128c0..0063139cb08 100644 --- a/2020/5xxx/CVE-2020-5544.json +++ b/2020/5xxx/CVE-2020-5544.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5544", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5545.json b/2020/5xxx/CVE-2020-5545.json index de79c133885..840a9350932 100644 --- a/2020/5xxx/CVE-2020-5545.json +++ b/2020/5xxx/CVE-2020-5545.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5545", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5546.json b/2020/5xxx/CVE-2020-5546.json index 0c43362fdf3..99ffbabcb5a 100644 --- a/2020/5xxx/CVE-2020-5546.json +++ b/2020/5xxx/CVE-2020-5546.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5546", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5547.json b/2020/5xxx/CVE-2020-5547.json index 614d5e89f97..e225af55aa5 100644 --- a/2020/5xxx/CVE-2020-5547.json +++ b/2020/5xxx/CVE-2020-5547.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + }, + { + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "IU1-1M20-D firmware version 1.0.7 and earlier" + } + ] + }, + "product_name": "Mitsubishi Electric MELQIC IU1 series" + } + ] + }, + "vendor_name": "Mitsubishi Electric Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5547", + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] } ] } From fd544bb3510b001e9ddbe3e0c707401f0bb9eaeb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 02:01:23 +0000 Subject: [PATCH 129/144] "-Synchronized-Data." --- 2020/5xxx/CVE-2020-5542.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5543.json | 13 +++++++++---- 2020/5xxx/CVE-2020-5544.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5545.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5546.json | 11 ++++++++--- 2020/5xxx/CVE-2020-5547.json | 11 ++++++++--- 6 files changed, 49 insertions(+), 19 deletions(-) diff --git a/2020/5xxx/CVE-2020-5542.json b/2020/5xxx/CVE-2020-5542.json index f48931488f5..a0446ff7106 100644 --- a/2020/5xxx/CVE-2020-5542.json +++ b/2020/5xxx/CVE-2020-5542.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5542", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5543.json b/2020/5xxx/CVE-2020-5543.json index d34aa5afcde..6c3e590b0f7 100644 --- a/2020/5xxx/CVE-2020-5543.json +++ b/2020/5xxx/CVE-2020-5543.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -14,7 +18,7 @@ "description_data": [ { "lang": "eng", - "value": "TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet." + "value": "TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet." } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5543", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5544.json b/2020/5xxx/CVE-2020-5544.json index 0063139cb08..59ce5e87fac 100644 --- a/2020/5xxx/CVE-2020-5544.json +++ b/2020/5xxx/CVE-2020-5544.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5544", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5545.json b/2020/5xxx/CVE-2020-5545.json index 840a9350932..e242f43ba48 100644 --- a/2020/5xxx/CVE-2020-5545.json +++ b/2020/5xxx/CVE-2020-5545.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5545", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5546.json b/2020/5xxx/CVE-2020-5546.json index 99ffbabcb5a..fd13b1e1c9d 100644 --- a/2020/5xxx/CVE-2020-5546.json +++ b/2020/5xxx/CVE-2020-5546.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5546", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { diff --git a/2020/5xxx/CVE-2020-5547.json b/2020/5xxx/CVE-2020-5547.json index e225af55aa5..f1045495e89 100644 --- a/2020/5xxx/CVE-2020-5547.json +++ b/2020/5xxx/CVE-2020-5547.json @@ -3,10 +3,14 @@ "references": { "reference_data": [ { - "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html" + "url": "https://jvn.jp/en/vu/JVNVU92370624/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU92370624/index.html" }, { - "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf", + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf" } ] }, @@ -44,7 +48,8 @@ }, "CVE_data_meta": { "ID": "CVE-2020-5547", - "ASSIGNER": "vultures@jpcert.or.jp" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "data_format": "MITRE", "problemtype": { From ad8050abed3af5da404ca3436e090d26fb91caeb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 07:01:14 +0000 Subject: [PATCH 130/144] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10595.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2020/10xxx/CVE-2020-10595.json diff --git a/2020/10xxx/CVE-2020-10595.json b/2020/10xxx/CVE-2020-10595.json new file mode 100644 index 00000000000..08053703f62 --- /dev/null +++ b/2020/10xxx/CVE-2020-10595.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10595", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From ebeecb0ccc761cb8a3202e8011a636f9ef7acf0a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 09:01:12 +0000 Subject: [PATCH 131/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10673.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/10xxx/CVE-2019-10673.json b/2019/10xxx/CVE-2019-10673.json index 450a8c3214d..62650c82282 100644 --- a/2019/10xxx/CVE-2019-10673.json +++ b/2019/10xxx/CVE-2019-10673.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html", "url": "http://packetstormsecurity.com/files/152315/WordPress-Ultimate-Member-2.0.38-Cross-Site-Request-Forgery.html" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9250", + "url": "https://wpvulndb.com/vulnerabilities/9250" } ] } From 644d3e33e842cbe2466727cef7e59603e1c9eb78 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 10:01:21 +0000 Subject: [PATCH 132/144] "-Synchronized-Data." --- 2018/20xxx/CVE-2018-20184.json | 5 +++++ 2018/20xxx/CVE-2018-20185.json | 5 +++++ 2018/20xxx/CVE-2018-20189.json | 5 +++++ 2019/11xxx/CVE-2019-11005.json | 5 +++++ 2019/11xxx/CVE-2019-11006.json | 5 +++++ 2019/11xxx/CVE-2019-11007.json | 5 +++++ 2019/11xxx/CVE-2019-11008.json | 5 +++++ 2019/11xxx/CVE-2019-11009.json | 5 +++++ 2019/11xxx/CVE-2019-11010.json | 5 +++++ 2019/11xxx/CVE-2019-11473.json | 5 +++++ 2019/11xxx/CVE-2019-11474.json | 5 +++++ 2019/11xxx/CVE-2019-11505.json | 5 +++++ 2019/11xxx/CVE-2019-11506.json | 5 +++++ 2019/19xxx/CVE-2019-19950.json | 5 +++++ 2019/19xxx/CVE-2019-19951.json | 5 +++++ 2019/19xxx/CVE-2019-19953.json | 5 +++++ 16 files changed, 80 insertions(+) diff --git a/2018/20xxx/CVE-2018-20184.json b/2018/20xxx/CVE-2018-20184.json index c09868abc85..430b83b6579 100644 --- a/2018/20xxx/CVE-2018-20184.json +++ b/2018/20xxx/CVE-2018-20184.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2018/20xxx/CVE-2018-20185.json b/2018/20xxx/CVE-2018-20185.json index 1616b926f4a..fe77e061a71 100644 --- a/2018/20xxx/CVE-2018-20185.json +++ b/2018/20xxx/CVE-2018-20185.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2018/20xxx/CVE-2018-20189.json b/2018/20xxx/CVE-2018-20189.json index 1b19f44de40..294efe42a4d 100644 --- a/2018/20xxx/CVE-2018-20189.json +++ b/2018/20xxx/CVE-2018-20189.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11005.json b/2019/11xxx/CVE-2019-11005.json index 73d1061e44b..1df628732ec 100644 --- a/2019/11xxx/CVE-2019-11005.json +++ b/2019/11xxx/CVE-2019-11005.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11006.json b/2019/11xxx/CVE-2019-11006.json index fa9afa9da57..a63383fd942 100644 --- a/2019/11xxx/CVE-2019-11006.json +++ b/2019/11xxx/CVE-2019-11006.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11007.json b/2019/11xxx/CVE-2019-11007.json index 2dc9e386575..748f14e3ede 100644 --- a/2019/11xxx/CVE-2019-11007.json +++ b/2019/11xxx/CVE-2019-11007.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11008.json b/2019/11xxx/CVE-2019-11008.json index 83ff5245c93..7f383965ef4 100644 --- a/2019/11xxx/CVE-2019-11008.json +++ b/2019/11xxx/CVE-2019-11008.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11009.json b/2019/11xxx/CVE-2019-11009.json index 455777bc07b..16a4288653b 100644 --- a/2019/11xxx/CVE-2019-11009.json +++ b/2019/11xxx/CVE-2019-11009.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11010.json b/2019/11xxx/CVE-2019-11010.json index 7e47ba825ae..946880ce9c2 100644 --- a/2019/11xxx/CVE-2019-11010.json +++ b/2019/11xxx/CVE-2019-11010.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11473.json b/2019/11xxx/CVE-2019-11473.json index 2d56f961f98..f47762e7308 100644 --- a/2019/11xxx/CVE-2019-11473.json +++ b/2019/11xxx/CVE-2019-11473.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11474.json b/2019/11xxx/CVE-2019-11474.json index 9d09dde93cf..02d2e086eda 100644 --- a/2019/11xxx/CVE-2019-11474.json +++ b/2019/11xxx/CVE-2019-11474.json @@ -106,6 +106,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11505.json b/2019/11xxx/CVE-2019-11505.json index dbee80db117..7cd5f82fcc9 100644 --- a/2019/11xxx/CVE-2019-11505.json +++ b/2019/11xxx/CVE-2019-11505.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/11xxx/CVE-2019-11506.json b/2019/11xxx/CVE-2019-11506.json index 39fb025892c..05687466502 100644 --- a/2019/11xxx/CVE-2019-11506.json +++ b/2019/11xxx/CVE-2019-11506.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4207-1", "url": "https://usn.ubuntu.com/4207-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/19xxx/CVE-2019-19950.json b/2019/19xxx/CVE-2019-19950.json index ddf01534656..130a1611491 100644 --- a/2019/19xxx/CVE-2019-19950.json +++ b/2019/19xxx/CVE-2019-19950.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/19xxx/CVE-2019-19951.json b/2019/19xxx/CVE-2019-19951.json index 01502acd5af..9e5c021fa39 100644 --- a/2019/19xxx/CVE-2019-19951.json +++ b/2019/19xxx/CVE-2019-19951.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } diff --git a/2019/19xxx/CVE-2019-19953.json b/2019/19xxx/CVE-2019-19953.json index e313c5d253c..cd3db880944 100644 --- a/2019/19xxx/CVE-2019-19953.json +++ b/2019/19xxx/CVE-2019-19953.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4640", + "url": "https://www.debian.org/security/2020/dsa-4640" } ] } From ab2752a063b16dc64a29a3ea84932ef37bd97c5a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 12:01:20 +0000 Subject: [PATCH 133/144] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20503.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index 08ceca7f1f6..bede5bda595 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0340", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0815", + "url": "https://access.redhat.com/errata/RHSA-2020:0815" } ] } From 87f5c8aab3b030f9b5de5c0681c6c46303c67803 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 13:01:12 +0000 Subject: [PATCH 134/144] "-Synchronized-Data." --- 2020/9xxx/CVE-2020-9519.json | 50 +++++++++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 3 deletions(-) diff --git a/2020/9xxx/CVE-2020-9519.json b/2020/9xxx/CVE-2020-9519.json index 11af9cf8463..9002dd28d25 100644 --- a/2020/9xxx/CVE-2020-9519.json +++ b/2020/9xxx/CVE-2020-9519.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus International", + "product": { + "product_data": [ + { + "product_name": "Service Manager (Server).", + "version": { + "version_data": [ + { + "version_value": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP methods reveled in Web services." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03607789", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03607789" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data." } ] } From e93c7ca1c388128d698c51e2a4cb025b24e8fa53 Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Mon, 16 Mar 2020 14:21:29 +0100 Subject: [PATCH 135/144] CVE-2020-1753 init --- 2020/1xxx/CVE-2020-1753.json | 83 ++++++++++++++++++++++++++++++++++-- 1 file changed, 79 insertions(+), 4 deletions(-) diff --git a/2020/1xxx/CVE-2020-1753.json b/2020/1xxx/CVE-2020-1753.json index 4f1ab5909b6..22f5dd39c86 100644 --- a/2020/1xxx/CVE-2020-1753.json +++ b/2020/1xxx/CVE-2020-1753.json @@ -4,15 +4,90 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mrehak@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Ansible", + "version": { + "version_data": [ + { + "version_value": "all Ansible 2.7.x versions prior to 2.7.17" + }, + { + "version_value": "all Ansible 2.8.x versions prior to 2.8.11" + }, + { + "version_value": "all Ansible 2.8.x versions prior to 2.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-214" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.7.x versions prior to 2.8.11 and all Ansible 2.7.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] } -} \ No newline at end of file +} From 684171ad7cf8ac067938f7f5a2e325e97dd54fa2 Mon Sep 17 00:00:00 2001 From: "mrehak@redhat.com" Date: Mon, 16 Mar 2020 14:36:05 +0100 Subject: [PATCH 136/144] CVE-2020-1753 fixed versions typos, added upstream reference --- 2020/1xxx/CVE-2020-1753.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/2020/1xxx/CVE-2020-1753.json b/2020/1xxx/CVE-2020-1753.json index 22f5dd39c86..c50a738abfc 100644 --- a/2020/1xxx/CVE-2020-1753.json +++ b/2020/1xxx/CVE-2020-1753.json @@ -24,7 +24,7 @@ "version_value": "all Ansible 2.8.x versions prior to 2.8.11" }, { - "version_value": "all Ansible 2.8.x versions prior to 2.9.7" + "version_value": "all Ansible 2.9.x versions prior to 2.9.7" } ] } @@ -69,6 +69,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible-collections/kubernetes/pull/51", + "name": "https://github.com/ansible-collections/kubernetes/pull/51", + "refsource": "CONFIRM" } ] }, @@ -76,7 +81,7 @@ "description_data": [ { "lang": "eng", - "value": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.7.x versions prior to 2.8.11 and all Ansible 2.7.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files." + "value": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files." } ] }, From 5c7ce68062854997decb3c731cbc2095a2153298 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 10:41:10 -0300 Subject: [PATCH 137/144] fixed version information. --- 2020/1xxx/CVE-2020-1736.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2020/1xxx/CVE-2020-1736.json b/2020/1xxx/CVE-2020-1736.json index fe2139defda..31e12ccf4ea 100644 --- a/2020/1xxx/CVE-2020-1736.json +++ b/2020/1xxx/CVE-2020-1736.json @@ -18,7 +18,7 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "2.7.x, 2.8.x, 2.9.x" } ] } @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data." + "value": "A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable." } ] }, From f3d8de2acdcf817ecee4a331f6515b033166a8d3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 14:01:16 +0000 Subject: [PATCH 138/144] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10091.json | 50 ++++++++++++++++++++++++++++++++-- 2019/12xxx/CVE-2019-12526.json | 5 ++++ 2019/12xxx/CVE-2019-12528.json | 5 ++++ 2019/12xxx/CVE-2019-12838.json | 5 ++++ 2019/18xxx/CVE-2019-18678.json | 5 ++++ 2019/18xxx/CVE-2019-18679.json | 5 ++++ 2019/20xxx/CVE-2019-20503.json | 10 +++++++ 2019/6xxx/CVE-2019-6438.json | 5 ++++ 2020/10xxx/CVE-2020-10596.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10597.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10598.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10599.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10600.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10601.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10602.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10603.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10604.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10605.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10606.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10607.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10608.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10609.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10610.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10611.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10612.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10613.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10614.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10615.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10616.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10617.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10618.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10619.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10620.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10621.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10622.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10623.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10624.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10625.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10626.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10627.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10628.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10629.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10630.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10631.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10632.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10633.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10634.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10635.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10636.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10637.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10638.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10639.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10640.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10641.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10642.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10643.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10644.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10645.json | 18 ++++++++++++ 2020/10xxx/CVE-2020-10646.json | 18 ++++++++++++ 2020/1xxx/CVE-2020-1938.json | 5 ++++ 2020/8xxx/CVE-2020-8449.json | 5 ++++ 2020/8xxx/CVE-2020-8450.json | 5 ++++ 2020/8xxx/CVE-2020-8517.json | 5 ++++ 2020/8xxx/CVE-2020-8840.json | 5 ++++ 2020/9xxx/CVE-2020-9518.json | 50 ++++++++++++++++++++++++++++++++-- 65 files changed, 1077 insertions(+), 6 deletions(-) create mode 100644 2020/10xxx/CVE-2020-10596.json create mode 100644 2020/10xxx/CVE-2020-10597.json create mode 100644 2020/10xxx/CVE-2020-10598.json create mode 100644 2020/10xxx/CVE-2020-10599.json create mode 100644 2020/10xxx/CVE-2020-10600.json create mode 100644 2020/10xxx/CVE-2020-10601.json create mode 100644 2020/10xxx/CVE-2020-10602.json create mode 100644 2020/10xxx/CVE-2020-10603.json create mode 100644 2020/10xxx/CVE-2020-10604.json create mode 100644 2020/10xxx/CVE-2020-10605.json create mode 100644 2020/10xxx/CVE-2020-10606.json create mode 100644 2020/10xxx/CVE-2020-10607.json create mode 100644 2020/10xxx/CVE-2020-10608.json create mode 100644 2020/10xxx/CVE-2020-10609.json create mode 100644 2020/10xxx/CVE-2020-10610.json create mode 100644 2020/10xxx/CVE-2020-10611.json create mode 100644 2020/10xxx/CVE-2020-10612.json create mode 100644 2020/10xxx/CVE-2020-10613.json create mode 100644 2020/10xxx/CVE-2020-10614.json create mode 100644 2020/10xxx/CVE-2020-10615.json create mode 100644 2020/10xxx/CVE-2020-10616.json create mode 100644 2020/10xxx/CVE-2020-10617.json create mode 100644 2020/10xxx/CVE-2020-10618.json create mode 100644 2020/10xxx/CVE-2020-10619.json create mode 100644 2020/10xxx/CVE-2020-10620.json create mode 100644 2020/10xxx/CVE-2020-10621.json create mode 100644 2020/10xxx/CVE-2020-10622.json create mode 100644 2020/10xxx/CVE-2020-10623.json create mode 100644 2020/10xxx/CVE-2020-10624.json create mode 100644 2020/10xxx/CVE-2020-10625.json create mode 100644 2020/10xxx/CVE-2020-10626.json create mode 100644 2020/10xxx/CVE-2020-10627.json create mode 100644 2020/10xxx/CVE-2020-10628.json create mode 100644 2020/10xxx/CVE-2020-10629.json create mode 100644 2020/10xxx/CVE-2020-10630.json create mode 100644 2020/10xxx/CVE-2020-10631.json create mode 100644 2020/10xxx/CVE-2020-10632.json create mode 100644 2020/10xxx/CVE-2020-10633.json create mode 100644 2020/10xxx/CVE-2020-10634.json create mode 100644 2020/10xxx/CVE-2020-10635.json create mode 100644 2020/10xxx/CVE-2020-10636.json create mode 100644 2020/10xxx/CVE-2020-10637.json create mode 100644 2020/10xxx/CVE-2020-10638.json create mode 100644 2020/10xxx/CVE-2020-10639.json create mode 100644 2020/10xxx/CVE-2020-10640.json create mode 100644 2020/10xxx/CVE-2020-10641.json create mode 100644 2020/10xxx/CVE-2020-10642.json create mode 100644 2020/10xxx/CVE-2020-10643.json create mode 100644 2020/10xxx/CVE-2020-10644.json create mode 100644 2020/10xxx/CVE-2020-10645.json create mode 100644 2020/10xxx/CVE-2020-10646.json diff --git a/2019/10xxx/CVE-2019-10091.json b/2019/10xxx/CVE-2019-10091.json index dbdb862066e..62382a66993 100644 --- a/2019/10xxx/CVE-2019-10091.json +++ b/2019/10xxx/CVE-2019-10091.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Geode", + "version": { + "version_data": [ + { + "version_value": "Apache Tomcat 1.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r3342077ac4798631300366be86e545d0c08753cca8fd2663867fe200%40%3Cdev.geode.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r3342077ac4798631300366be86e545d0c08753cca8fd2663867fe200%40%3Cdev.geode.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack." } ] } diff --git a/2019/12xxx/CVE-2019-12526.json b/2019/12xxx/CVE-2019-12526.json index 77bc8d892cf..9367679f0bb 100644 --- a/2019/12xxx/CVE-2019-12526.json +++ b/2019/12xxx/CVE-2019-12526.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2019/12xxx/CVE-2019-12528.json b/2019/12xxx/CVE-2019-12528.json index e9bb4b766cb..b7f6006ad3f 100644 --- a/2019/12xxx/CVE-2019-12528.json +++ b/2019/12xxx/CVE-2019-12528.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0307", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2019/12xxx/CVE-2019-12838.json b/2019/12xxx/CVE-2019-12838.json index 86b35a74933..056e07c34de 100644 --- a/2019/12xxx/CVE-2019-12838.json +++ b/2019/12xxx/CVE-2019-12838.json @@ -106,6 +106,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0085", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2143-1] slurm-llnl security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html" } ] }, diff --git a/2019/18xxx/CVE-2019-18678.json b/2019/18xxx/CVE-2019-18678.json index d591f6d1a1b..f084ff8c018 100644 --- a/2019/18xxx/CVE-2019-18678.json +++ b/2019/18xxx/CVE-2019-18678.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2019/18xxx/CVE-2019-18679.json b/2019/18xxx/CVE-2019-18679.json index 94413b1095a..04a90a32c16 100644 --- a/2019/18xxx/CVE-2019-18679.json +++ b/2019/18xxx/CVE-2019-18679.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2019/20xxx/CVE-2019-20503.json b/2019/20xxx/CVE-2019-20503.json index bede5bda595..70d2ade3d00 100644 --- a/2019/20xxx/CVE-2019-20503.json +++ b/2019/20xxx/CVE-2019-20503.json @@ -91,6 +91,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0815", "url": "https://access.redhat.com/errata/RHSA-2020:0815" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0819", + "url": "https://access.redhat.com/errata/RHSA-2020:0819" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0816", + "url": "https://access.redhat.com/errata/RHSA-2020:0816" } ] } diff --git a/2019/6xxx/CVE-2019-6438.json b/2019/6xxx/CVE-2019-6438.json index 7c390ac77ea..903e820cfbc 100644 --- a/2019/6xxx/CVE-2019-6438.json +++ b/2019/6xxx/CVE-2019-6438.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1264", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00090.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2143-1] slurm-llnl security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html" } ] } diff --git a/2020/10xxx/CVE-2020-10596.json b/2020/10xxx/CVE-2020-10596.json new file mode 100644 index 00000000000..b0288964070 --- /dev/null +++ b/2020/10xxx/CVE-2020-10596.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10596", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10597.json b/2020/10xxx/CVE-2020-10597.json new file mode 100644 index 00000000000..9a67b007ff9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10597.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10597", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10598.json b/2020/10xxx/CVE-2020-10598.json new file mode 100644 index 00000000000..dc2e719be6f --- /dev/null +++ b/2020/10xxx/CVE-2020-10598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10599.json b/2020/10xxx/CVE-2020-10599.json new file mode 100644 index 00000000000..5fe755c8a5c --- /dev/null +++ b/2020/10xxx/CVE-2020-10599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10600.json b/2020/10xxx/CVE-2020-10600.json new file mode 100644 index 00000000000..db927638590 --- /dev/null +++ b/2020/10xxx/CVE-2020-10600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10601.json b/2020/10xxx/CVE-2020-10601.json new file mode 100644 index 00000000000..e961e82c023 --- /dev/null +++ b/2020/10xxx/CVE-2020-10601.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10602.json b/2020/10xxx/CVE-2020-10602.json new file mode 100644 index 00000000000..2d783004fc6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10602.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10603.json b/2020/10xxx/CVE-2020-10603.json new file mode 100644 index 00000000000..d5ebc0c7331 --- /dev/null +++ b/2020/10xxx/CVE-2020-10603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10604.json b/2020/10xxx/CVE-2020-10604.json new file mode 100644 index 00000000000..f48437f8642 --- /dev/null +++ b/2020/10xxx/CVE-2020-10604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10605.json b/2020/10xxx/CVE-2020-10605.json new file mode 100644 index 00000000000..a5f476d7048 --- /dev/null +++ b/2020/10xxx/CVE-2020-10605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10606.json b/2020/10xxx/CVE-2020-10606.json new file mode 100644 index 00000000000..fe29426f762 --- /dev/null +++ b/2020/10xxx/CVE-2020-10606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10607.json b/2020/10xxx/CVE-2020-10607.json new file mode 100644 index 00000000000..d630e398963 --- /dev/null +++ b/2020/10xxx/CVE-2020-10607.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10608.json b/2020/10xxx/CVE-2020-10608.json new file mode 100644 index 00000000000..dd2185b532f --- /dev/null +++ b/2020/10xxx/CVE-2020-10608.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10608", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10609.json b/2020/10xxx/CVE-2020-10609.json new file mode 100644 index 00000000000..60386e7fa9e --- /dev/null +++ b/2020/10xxx/CVE-2020-10609.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10609", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10610.json b/2020/10xxx/CVE-2020-10610.json new file mode 100644 index 00000000000..03768609bfa --- /dev/null +++ b/2020/10xxx/CVE-2020-10610.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10610", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10611.json b/2020/10xxx/CVE-2020-10611.json new file mode 100644 index 00000000000..c3c53cedc45 --- /dev/null +++ b/2020/10xxx/CVE-2020-10611.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10611", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10612.json b/2020/10xxx/CVE-2020-10612.json new file mode 100644 index 00000000000..df3408133fa --- /dev/null +++ b/2020/10xxx/CVE-2020-10612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10613.json b/2020/10xxx/CVE-2020-10613.json new file mode 100644 index 00000000000..f3ca3297851 --- /dev/null +++ b/2020/10xxx/CVE-2020-10613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10614.json b/2020/10xxx/CVE-2020-10614.json new file mode 100644 index 00000000000..1c6d6d144c9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10615.json b/2020/10xxx/CVE-2020-10615.json new file mode 100644 index 00000000000..44be490fd87 --- /dev/null +++ b/2020/10xxx/CVE-2020-10615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10616.json b/2020/10xxx/CVE-2020-10616.json new file mode 100644 index 00000000000..7319260576e --- /dev/null +++ b/2020/10xxx/CVE-2020-10616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10617.json b/2020/10xxx/CVE-2020-10617.json new file mode 100644 index 00000000000..0d346420250 --- /dev/null +++ b/2020/10xxx/CVE-2020-10617.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10617", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10618.json b/2020/10xxx/CVE-2020-10618.json new file mode 100644 index 00000000000..79c5453e932 --- /dev/null +++ b/2020/10xxx/CVE-2020-10618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10619.json b/2020/10xxx/CVE-2020-10619.json new file mode 100644 index 00000000000..17ee5c6760b --- /dev/null +++ b/2020/10xxx/CVE-2020-10619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10620.json b/2020/10xxx/CVE-2020-10620.json new file mode 100644 index 00000000000..67ec39cf7f0 --- /dev/null +++ b/2020/10xxx/CVE-2020-10620.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10620", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10621.json b/2020/10xxx/CVE-2020-10621.json new file mode 100644 index 00000000000..0b5c3f093f3 --- /dev/null +++ b/2020/10xxx/CVE-2020-10621.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10621", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10622.json b/2020/10xxx/CVE-2020-10622.json new file mode 100644 index 00000000000..d9a9f00ed9b --- /dev/null +++ b/2020/10xxx/CVE-2020-10622.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10623.json b/2020/10xxx/CVE-2020-10623.json new file mode 100644 index 00000000000..a971d638eb7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10624.json b/2020/10xxx/CVE-2020-10624.json new file mode 100644 index 00000000000..5050745b478 --- /dev/null +++ b/2020/10xxx/CVE-2020-10624.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10624", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10625.json b/2020/10xxx/CVE-2020-10625.json new file mode 100644 index 00000000000..9a89e941e12 --- /dev/null +++ b/2020/10xxx/CVE-2020-10625.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10626.json b/2020/10xxx/CVE-2020-10626.json new file mode 100644 index 00000000000..5300747bbd6 --- /dev/null +++ b/2020/10xxx/CVE-2020-10626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10627.json b/2020/10xxx/CVE-2020-10627.json new file mode 100644 index 00000000000..05df7ddafac --- /dev/null +++ b/2020/10xxx/CVE-2020-10627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10628.json b/2020/10xxx/CVE-2020-10628.json new file mode 100644 index 00000000000..377084f32d5 --- /dev/null +++ b/2020/10xxx/CVE-2020-10628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10629.json b/2020/10xxx/CVE-2020-10629.json new file mode 100644 index 00000000000..37787878851 --- /dev/null +++ b/2020/10xxx/CVE-2020-10629.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10629", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10630.json b/2020/10xxx/CVE-2020-10630.json new file mode 100644 index 00000000000..12d3bfe1488 --- /dev/null +++ b/2020/10xxx/CVE-2020-10630.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10630", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10631.json b/2020/10xxx/CVE-2020-10631.json new file mode 100644 index 00000000000..7c9ce64326a --- /dev/null +++ b/2020/10xxx/CVE-2020-10631.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10632.json b/2020/10xxx/CVE-2020-10632.json new file mode 100644 index 00000000000..710f5d40b1d --- /dev/null +++ b/2020/10xxx/CVE-2020-10632.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10633.json b/2020/10xxx/CVE-2020-10633.json new file mode 100644 index 00000000000..85e52a8616b --- /dev/null +++ b/2020/10xxx/CVE-2020-10633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10634.json b/2020/10xxx/CVE-2020-10634.json new file mode 100644 index 00000000000..2a94a0896e7 --- /dev/null +++ b/2020/10xxx/CVE-2020-10634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10635.json b/2020/10xxx/CVE-2020-10635.json new file mode 100644 index 00000000000..592abb72658 --- /dev/null +++ b/2020/10xxx/CVE-2020-10635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10636.json b/2020/10xxx/CVE-2020-10636.json new file mode 100644 index 00000000000..b3d0f15c934 --- /dev/null +++ b/2020/10xxx/CVE-2020-10636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10637.json b/2020/10xxx/CVE-2020-10637.json new file mode 100644 index 00000000000..80d0e0070a9 --- /dev/null +++ b/2020/10xxx/CVE-2020-10637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10638.json b/2020/10xxx/CVE-2020-10638.json new file mode 100644 index 00000000000..d0252e99cec --- /dev/null +++ b/2020/10xxx/CVE-2020-10638.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10639.json b/2020/10xxx/CVE-2020-10639.json new file mode 100644 index 00000000000..8ec68a5a909 --- /dev/null +++ b/2020/10xxx/CVE-2020-10639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10640.json b/2020/10xxx/CVE-2020-10640.json new file mode 100644 index 00000000000..19545ab793c --- /dev/null +++ b/2020/10xxx/CVE-2020-10640.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10641.json b/2020/10xxx/CVE-2020-10641.json new file mode 100644 index 00000000000..1fb89c6eca1 --- /dev/null +++ b/2020/10xxx/CVE-2020-10641.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10641", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10642.json b/2020/10xxx/CVE-2020-10642.json new file mode 100644 index 00000000000..01c6ff4e06d --- /dev/null +++ b/2020/10xxx/CVE-2020-10642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10643.json b/2020/10xxx/CVE-2020-10643.json new file mode 100644 index 00000000000..ae0dcb7fe3e --- /dev/null +++ b/2020/10xxx/CVE-2020-10643.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10643", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10644.json b/2020/10xxx/CVE-2020-10644.json new file mode 100644 index 00000000000..e63000ed65b --- /dev/null +++ b/2020/10xxx/CVE-2020-10644.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10644", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10645.json b/2020/10xxx/CVE-2020-10645.json new file mode 100644 index 00000000000..3ed619d8d7b --- /dev/null +++ b/2020/10xxx/CVE-2020-10645.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10645", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/10xxx/CVE-2020-10646.json b/2020/10xxx/CVE-2020-10646.json new file mode 100644 index 00000000000..1d0d3b78985 --- /dev/null +++ b/2020/10xxx/CVE-2020-10646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-10646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1938.json b/2020/1xxx/CVE-2020-1938.json index 67c2346e7f9..e084550bbba 100644 --- a/2020/1xxx/CVE-2020-1938.json +++ b/2020/1xxx/CVE-2020-1938.json @@ -169,6 +169,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0345", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E" } ] }, diff --git a/2020/8xxx/CVE-2020-8449.json b/2020/8xxx/CVE-2020-8449.json index ce7d876dff6..e818d2407ed 100644 --- a/2020/8xxx/CVE-2020-8449.json +++ b/2020/8xxx/CVE-2020-8449.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0307", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2020/8xxx/CVE-2020-8450.json b/2020/8xxx/CVE-2020-8450.json index e66a4d92e6f..4bb0fecebfc 100644 --- a/2020/8xxx/CVE-2020-8450.json +++ b/2020/8xxx/CVE-2020-8450.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0307", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2020/8xxx/CVE-2020-8517.json b/2020/8xxx/CVE-2020-8517.json index 75cb105b153..36a23c17c37 100644 --- a/2020/8xxx/CVE-2020-8517.json +++ b/2020/8xxx/CVE-2020-8517.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0307", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202003-34", + "url": "https://security.gentoo.org/glsa/202003-34" } ] } diff --git a/2020/8xxx/CVE-2020-8840.json b/2020/8xxx/CVE-2020-8840.json index 72b4ce86ace..bff0179735c 100644 --- a/2020/8xxx/CVE-2020-8840.json +++ b/2020/8xxx/CVE-2020-8840.json @@ -156,6 +156,11 @@ "refsource": "MLIST", "name": "[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1", "url": "https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1", + "url": "https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E" } ] } diff --git a/2020/9xxx/CVE-2020-9518.json b/2020/9xxx/CVE-2020-9518.json index cf519f44310..0b9403b5066 100644 --- a/2020/9xxx/CVE-2020-9518.json +++ b/2020/9xxx/CVE-2020-9518.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@suse.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Micro Focus International", + "product": { + "product_data": [ + { + "product_name": "Service Manager (Web Tier).", + "version": { + "version_data": [ + { + "version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Login filter can access configuration files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03607792", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03607792" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data." } ] } From 0ad796c49a2e090cfd48d59b25bc58f73fa08a18 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 11:17:36 -0300 Subject: [PATCH 139/144] CVE-2019-14887 --- 2019/14xxx/CVE-2019-14887.json | 76 ++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14887.json diff --git a/2019/14xxx/CVE-2019-14887.json b/2019/14xxx/CVE-2019-14887.json new file mode 100644 index 00000000000..9600d8e363b --- /dev/null +++ b/2019/14xxx/CVE-2019-14887.json @@ -0,0 +1,76 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14887", + "ASSIGNER": "psampaio@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "wildfly", + "version": { + "version_data": [ + { + "version_value": "7.2.0.GA, 7.2.3.GA, 7.2.5.CR2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-757" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887", + "refsource": "CONFIRM" + }, + { + "url": "https://issues.redhat.com/browse/JBEAP-17965", + "name": "https://issues.redhat.com/browse/JBEAP-17965", + "refsource": "CONFIRM" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] + } +} From d142a51f37ce144b9ae7c9af2d688c21a7e8ef31 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 11:26:23 -0300 Subject: [PATCH 140/144] added upstream reference --- 2020/1xxx/CVE-2020-1736.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/2020/1xxx/CVE-2020-1736.json b/2020/1xxx/CVE-2020-1736.json index 31e12ccf4ea..aec6998f6ba 100644 --- a/2020/1xxx/CVE-2020-1736.json +++ b/2020/1xxx/CVE-2020-1736.json @@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67794", + "name": "https://github.com/ansible/ansible/issues/67794", + "refsource": "CONFIRM" } ] }, From b49e34c6653887c05459f770d00309f54d978e5e Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 11:32:39 -0300 Subject: [PATCH 141/144] added version information and upstream reference. --- 2020/1xxx/CVE-2020-1735.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/2020/1xxx/CVE-2020-1735.json b/2020/1xxx/CVE-2020-1735.json index 217515c0b2b..86db8871153 100644 --- a/2020/1xxx/CVE-2020-1735.json +++ b/2020/1xxx/CVE-2020-1735.json @@ -18,7 +18,7 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "2.7.x, 2.8.x, 2.9.x" } ] } @@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735", "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67793", + "name": "https://github.com/ansible/ansible/issues/67793", + "refsource": "CONFIRM" } ] }, @@ -54,7 +59,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node." + "value": "A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable." } ] }, From 8eda7a010e6716810158b14bc028f333df0ecb22 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 11:35:27 -0300 Subject: [PATCH 142/144] added version info and upstream reference. --- 2020/1xxx/CVE-2020-1740.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/2020/1xxx/CVE-2020-1740.json b/2020/1xxx/CVE-2020-1740.json index d579be83772..d9fc9e13d4d 100644 --- a/2020/1xxx/CVE-2020-1740.json +++ b/2020/1xxx/CVE-2020-1740.json @@ -18,7 +18,7 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "2.7.x, 2.8.x, 2.9.x" } ] } @@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740", "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67798", + "name": "https://github.com/ansible/ansible/issues/67798", + "refsource": "CONFIRM" } ] }, @@ -54,7 +59,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely." + "value": "A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable." } ] }, From 361a50fbf3ab78cd86480b1083771e8c09ff0426 Mon Sep 17 00:00:00 2001 From: Pedro Sampaio Date: Mon, 16 Mar 2020 11:38:23 -0300 Subject: [PATCH 143/144] added version info and upstream reference. --- 2020/1xxx/CVE-2020-1738.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/2020/1xxx/CVE-2020-1738.json b/2020/1xxx/CVE-2020-1738.json index b134026da8a..1a302f5f79d 100644 --- a/2020/1xxx/CVE-2020-1738.json +++ b/2020/1xxx/CVE-2020-1738.json @@ -18,7 +18,7 @@ "version": { "version_data": [ { - "version_value": "n/a" + "version_value": "2.7.x, 2.8.x, 2.9.x" } ] } @@ -47,6 +47,11 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738", "refsource": "CONFIRM" + }, + { + "url": "https://github.com/ansible/ansible/issues/67796", + "name": "https://github.com/ansible/ansible/issues/67796", + "refsource": "CONFIRM" } ] }, @@ -54,7 +59,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file." + "value": "A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable." } ] }, From 8c39725c61912279f6b68d2f86fcf96720e4cb98 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Mar 2020 15:01:25 +0000 Subject: [PATCH 144/144] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10125.json | 48 ++++++++++++++++++++- 2018/13xxx/CVE-2018-13060.json | 53 ++++++++++++++++++++++- 2018/13xxx/CVE-2018-13063.json | 53 ++++++++++++++++++++++- 2018/21xxx/CVE-2018-21037.json | 18 ++++++++ 2019/14xxx/CVE-2019-14512.json | 77 ++++++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14887.json | 7 ++-- 2019/19xxx/CVE-2019-19208.json | 66 ++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19209.json | 66 ++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19210.json | 66 ++++++++++++++++++++++++++--- 2019/19xxx/CVE-2019-19211.json | 66 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10557.json | 61 ++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10562.json | 5 +++ 2020/10xxx/CVE-2020-10563.json | 5 +++ 2020/1xxx/CVE-2020-1711.json | 5 +++ 2020/1xxx/CVE-2020-1753.json | 7 ++-- 2020/8xxx/CVE-2020-8608.json | 5 +++ 16 files changed, 566 insertions(+), 42 deletions(-) create mode 100644 2018/21xxx/CVE-2018-21037.json create mode 100644 2019/14xxx/CVE-2019-14512.json diff --git a/2018/10xxx/CVE-2018-10125.json b/2018/10xxx/CVE-2018-10125.json index 1c102c5f4b8..c06317e361f 100644 --- a/2018/10xxx/CVE-2018-10125.json +++ b/2018/10xxx/CVE-2018-10125.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10125", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Contao before 4.5.7 has XSS in the system log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html", + "url": "https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html" } ] } diff --git a/2018/13xxx/CVE-2018-13060.json b/2018/13xxx/CVE-2018-13060.json index a8ccb85a114..bf03756382f 100644 --- a/2018/13xxx/CVE-2018-13060.json +++ b/2018/13xxx/CVE-2018-13060.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13060", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sysdream.com/news/lab/", + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/" + }, + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass/", + "url": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13060-easy-appointments-captcha-bypass/" } ] } diff --git a/2018/13xxx/CVE-2018-13063.json b/2018/13xxx/CVE-2018-13063.json index eb1bfaef082..084b202e16c 100644 --- a/2018/13xxx/CVE-2018-13063.json +++ b/2018/13xxx/CVE-2018-13063.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13063", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sysdream.com/news/lab/", + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/" + }, + { + "refsource": "MISC", + "name": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage/", + "url": "https://sysdream.com/news/lab/2019-10-25-cve-2018-13063-easy-appointments-multiple-confidential-information-leakage/" } ] } diff --git a/2018/21xxx/CVE-2018-21037.json b/2018/21xxx/CVE-2018-21037.json new file mode 100644 index 00000000000..f954b0095a2 --- /dev/null +++ b/2018/21xxx/CVE-2018-21037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-21037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14512.json b/2019/14xxx/CVE-2019-14512.json new file mode 100644 index 00000000000..14c2d2b6a08 --- /dev/null +++ b/2019/14xxx/CVE-2019-14512.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.limesurvey.org/", + "refsource": "MISC", + "name": "https://www.limesurvey.org/" + }, + { + "url": "https://www.linkedin.com/in/michelecisternino/", + "refsource": "MISC", + "name": "https://www.linkedin.com/in/michelecisternino/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/f2566f6978a77e3f0870079c45cda1c065a58a73", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/f2566f6978a77e3f0870079c45cda1c065a58a73" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/0b7391dff91b326284ca3fc5188b768b5d522d88", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/0b7391dff91b326284ca3fc5188b768b5d522d88" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14887.json b/2019/14xxx/CVE-2019-14887.json index 9600d8e363b..7daa35cde2e 100644 --- a/2019/14xxx/CVE-2019-14887.json +++ b/2019/14xxx/CVE-2019-14887.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14887", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -59,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable." + "value": "A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable." } ] }, @@ -73,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19208.json b/2019/19xxx/CVE-2019-19208.json index f3c1e09c90e..df8d400cedd 100644 --- a/2019/19xxx/CVE-2019-19208.json +++ b/2019/19xxx/CVE-2019-19208.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19208", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19208", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Codiad Web IDE through 2.8.4 allows PHP Code injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Codiad/Codiad/commits/master", + "refsource": "MISC", + "name": "https://github.com/Codiad/Codiad/commits/master" + }, + { + "url": "https://herolab.usd.de/en/security-advisories/", + "refsource": "MISC", + "name": "https://herolab.usd.de/en/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/usd-2019-0049/", + "url": "https://herolab.usd.de/security-advisories/usd-2019-0049/" } ] } diff --git a/2019/19xxx/CVE-2019-19209.json b/2019/19xxx/CVE-2019-19209.json index 51afb77598c..adfaa0961c3 100644 --- a/2019/19xxx/CVE-2019-19209.json +++ b/2019/19xxx/CVE-2019-19209.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dolibarr ERP/CRM before 10.0.3 allows SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dolibarr.org/forum/dolibarr-changelogs", + "refsource": "MISC", + "name": "https://www.dolibarr.org/forum/dolibarr-changelogs" + }, + { + "url": "https://herolab.usd.de/en/security-advisories/", + "refsource": "MISC", + "name": "https://herolab.usd.de/en/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/usd-2019-0051/", + "url": "https://herolab.usd.de/security-advisories/usd-2019-0051/" } ] } diff --git a/2019/19xxx/CVE-2019-19210.json b/2019/19xxx/CVE-2019-19210.json index c69d7749973..2bd2deae155 100644 --- a/2019/19xxx/CVE-2019-19210.json +++ b/2019/19xxx/CVE-2019-19210.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19210", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19210", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dolibarr.org/forum/dolibarr-changelogs", + "refsource": "MISC", + "name": "https://www.dolibarr.org/forum/dolibarr-changelogs" + }, + { + "url": "https://herolab.usd.de/en/security-advisories/", + "refsource": "MISC", + "name": "https://herolab.usd.de/en/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/usd-2019-0052/", + "url": "https://herolab.usd.de/security-advisories/usd-2019-0052/" } ] } diff --git a/2019/19xxx/CVE-2019-19211.json b/2019/19xxx/CVE-2019-19211.json index d8cd10026b8..e428e78730a 100644 --- a/2019/19xxx/CVE-2019-19211.json +++ b/2019/19xxx/CVE-2019-19211.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19211", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19211", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dolibarr.org/forum/dolibarr-changelogs", + "refsource": "MISC", + "name": "https://www.dolibarr.org/forum/dolibarr-changelogs" + }, + { + "url": "https://herolab.usd.de/en/security-advisories/", + "refsource": "MISC", + "name": "https://herolab.usd.de/en/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://herolab.usd.de/en/security-advisories/usd-2019-0053/", + "url": "https://herolab.usd.de/en/security-advisories/usd-2019-0053/" } ] } diff --git a/2020/10xxx/CVE-2020-10557.json b/2020/10xxx/CVE-2020-10557.json index 1e969e9237f..f820a08e0c6 100644 --- a/2020/10xxx/CVE-2020-10557.json +++ b/2020/10xxx/CVE-2020-10557.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10557", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/projects/acontent/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/acontent/" + }, + { + "refsource": "MISC", + "name": "https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557", + "url": "https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557" } ] } diff --git a/2020/10xxx/CVE-2020-10562.json b/2020/10xxx/CVE-2020-10562.json index 28ee46e263e..2465d22bfa8 100644 --- a/2020/10xxx/CVE-2020-10562.json +++ b/2020/10xxx/CVE-2020-10562.json @@ -61,6 +61,11 @@ "url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8", "refsource": "MISC", "name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8" + }, + { + "refsource": "MISC", + "name": "https://github.com/skr0x/CVE/tree/master/CVE-2020-10562", + "url": "https://github.com/skr0x/CVE/tree/master/CVE-2020-10562" } ] } diff --git a/2020/10xxx/CVE-2020-10563.json b/2020/10xxx/CVE-2020-10563.json index 71d73702280..d434e1ab645 100644 --- a/2020/10xxx/CVE-2020-10563.json +++ b/2020/10xxx/CVE-2020-10563.json @@ -61,6 +61,11 @@ "url": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8", "refsource": "MISC", "name": "https://github.com/JeromeDevome/GRR/commit/2c6edacd9e15c75a0c2ef472470481ffb6edc7d8" + }, + { + "refsource": "MISC", + "name": "https://cvecps.mitre.org/cps/workitems/create/?cveId=CVE-2020-10563", + "url": "https://cvecps.mitre.org/cps/workitems/create/?cveId=CVE-2020-10563" } ] } diff --git a/2020/1xxx/CVE-2020-1711.json b/2020/1xxx/CVE-2020-1711.json index 77f0670be36..1007172a044 100644 --- a/2020/1xxx/CVE-2020-1711.json +++ b/2020/1xxx/CVE-2020-1711.json @@ -83,6 +83,11 @@ "refsource": "REDHAT", "name": "RHSA-2020:0731", "url": "https://access.redhat.com/errata/RHSA-2020:0731" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1753.json b/2020/1xxx/CVE-2020-1753.json index c50a738abfc..b22632e550d 100644 --- a/2020/1xxx/CVE-2020-1753.json +++ b/2020/1xxx/CVE-2020-1753.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1753", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -70,7 +71,7 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753", "refsource": "CONFIRM" }, - { + { "url": "https://github.com/ansible-collections/kubernetes/pull/51", "name": "https://github.com/ansible-collections/kubernetes/pull/51", "refsource": "CONFIRM" @@ -95,4 +96,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8608.json b/2020/8xxx/CVE-2020-8608.json index 54e60959fa4..0d24604c7f0 100644 --- a/2020/8xxx/CVE-2020-8608.json +++ b/2020/8xxx/CVE-2020-8608.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200313 [SECURITY] [DLA 2142-1] slirp security update", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00015.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html" } ] }