From 178fa4140bc0af2d81e876f269e33e0ba3a4d7ba Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 5 Jun 2020 15:01:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10543.json | 7 ++- 2020/10xxx/CVE-2020-10878.json | 7 ++- 2020/11xxx/CVE-2020-11975.json | 50 +++++++++++++++++-- 2020/12xxx/CVE-2020-12723.json | 76 +++++++++++++++++++++++++--- 2020/1xxx/CVE-2020-1883.json | 82 ++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9074.json | 91 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9859.json | 84 +++++++++++++++++++++++++++++-- 7 files changed, 377 insertions(+), 20 deletions(-) diff --git a/2020/10xxx/CVE-2020-10543.json b/2020/10xxx/CVE-2020-10543.json index 3f17c89cee9..0921f992a53 100644 --- a/2020/10xxx/CVE-2020-10543.json +++ b/2020/10xxx/CVE-2020-10543.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Perl before 5.30.3 on 32-bit platforms allows heap memory corruption because nested regular expression quantifiers have an integer overflow." + "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." } ] }, @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", + "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" } ] } diff --git a/2020/10xxx/CVE-2020-10878.json b/2020/10xxx/CVE-2020-10878.json index f10dad3f7f1..50768d9887f 100644 --- a/2020/10xxx/CVE-2020-10878.json +++ b/2020/10xxx/CVE-2020-10878.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Perl before 5.30.3 has an overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation." + "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." } ] }, @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c", "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", + "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" } ] } diff --git a/2020/11xxx/CVE-2020-11975.json b/2020/11xxx/CVE-2020-11975.json index 5b86caa02a1..60e1b6357b3 100644 --- a/2020/11xxx/CVE-2020-11975.json +++ b/2020/11xxx/CVE-2020-11975.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Unomi", + "version": { + "version_data": [ + { + "version_value": "Apache Unomi 1.0.0 to 1.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://unomi.apache.org/security/cve-2020-11975.txt", + "url": "http://unomi.apache.org/security/cve-2020-11975.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process." } ] } diff --git a/2020/12xxx/CVE-2020-12723.json b/2020/12xxx/CVE-2020-12723.json index c467394075e..b756a6c906b 100644 --- a/2020/12xxx/CVE-2020-12723.json +++ b/2020/12xxx/CVE-2020-12723.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12723", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12723", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Perl/perl5/issues/16947", + "refsource": "MISC", + "name": "https://github.com/Perl/perl5/issues/16947" + }, + { + "url": "https://github.com/Perl/perl5/issues/17743", + "refsource": "MISC", + "name": "https://github.com/Perl/perl5/issues/17743" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", + "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", + "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a", + "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" } ] } diff --git a/2020/1xxx/CVE-2020-1883.json b/2020/1xxx/CVE-2020-1883.json index a37e4b1e098..aa0ae3c9a9c 100644 --- a/2020/1xxx/CVE-2020-1883.json +++ b/2020/1xxx/CVE-2020-1883.json @@ -4,14 +4,90 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800", + "version": { + "version_data": [ + { + "version_value": "V500R001C60SPC500" + } + ] + } + }, + { + "product_name": "Secospace USG6600", + "version": { + "version_data": [ + { + "version_value": "V500R001C30SPC200" + }, + { + "version_value": "V500R001C30SPC600" + }, + { + "version_value": "V500R001C60SPC500" + } + ] + } + }, + { + "product_name": "USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30SPC200" + }, + { + "version_value": "V500R001C30SPC600" + }, + { + "version_value": "V500R001C60SPC500" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-memory-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-memory-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal." } ] } diff --git a/2020/9xxx/CVE-2020-9074.json b/2020/9xxx/CVE-2020-9074.json index 41766c767a2..7aa830727fe 100644 --- a/2020/9xxx/CVE-2020-9074.json +++ b/2020/9xxx/CVE-2020-9074.json @@ -4,14 +4,99 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9074", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HONOR 20 PRO", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.194(C432E9R5P1)" + }, + { + "version_value": "Versions earlier than 10.0.0.194(C636E3R3P1)" + }, + { + "version_value": "Versions earlier than 10.0.0.194(C00E62R8P12)" + }, + { + "version_value": "Versions earlier than 10.0.0.194(C10E3R3P2)" + } + ] + } + }, + { + "product_name": "Honor View 20", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.200(C185E3R3P3)" + }, + { + "version_value": "Versions earlier than 10.0.0.201(C636E3R4P3)" + }, + { + "version_value": "Versions earlier than 10.0.0.195(C00E62R4P11)" + }, + { + "version_value": "Versions earlier than 10.0.0.201(C10E5R4P3)" + } + ] + } + }, + { + "product_name": "HONOR 20", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.186(C185E2R2P1)" + }, + { + "version_value": "Versions earlier than 10.0.0.194(C432E9R5P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Handling of Exceptional Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200603-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones." } ] } diff --git a/2020/9xxx/CVE-2020-9859.json b/2020/9xxx/CVE-2020-9859.json index f1f3794abc9..faa3dfe0d63 100644 --- a/2020/9xxx/CVE-2020-9859.json +++ b/2020/9xxx/CVE-2020-9859.json @@ -4,14 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "iOS 13.5.1 and iPadOS 13.5.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.5 Supplemental Update" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "tvOS 13.4.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "watchOS 6.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An application may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT211214", + "refsource": "MISC", + "name": "https://support.apple.com/HT211214" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges." } ] }