From 1fdd0d32a07013dc76cb5d36f298ef067b058ce9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 11 Sep 2020 15:01:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/7xxx/CVE-2017-7876.json | 34 +++++----- 2018/19xxx/CVE-2018-19946.json | 5 +- 2018/19xxx/CVE-2018-19947.json | 5 +- 2018/19xxx/CVE-2018-19948.json | 5 +- 2020/25xxx/CVE-2020-25274.json | 18 +++++ 2020/25xxx/CVE-2020-25275.json | 18 +++++ 2020/3xxx/CVE-2020-3656.json | 118 ++++++++++++++++----------------- 2020/3xxx/CVE-2020-3674.json | 118 ++++++++++++++++----------------- 8 files changed, 178 insertions(+), 143 deletions(-) create mode 100644 2020/25xxx/CVE-2020-25274.json create mode 100644 2020/25xxx/CVE-2020-25275.json diff --git a/2017/7xxx/CVE-2017-7876.json b/2017/7xxx/CVE-2017-7876.json index 55dbb5bc57e..ad2251b7639 100644 --- a/2017/7xxx/CVE-2017-7876.json +++ b/2017/7xxx/CVE-2017-7876.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "security@qnap.com", + "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7876", "STATE": "PUBLIC" }, @@ -11,25 +11,18 @@ "product": { "product_data": [ { - "product_name": "QTS", + "product_name": "n/a", "version": { "version_data": [ { - "platform": "build 20170517", - "version_affected": "<", - "version_value": "4.2.6" - }, - { - "platform": "build 20170503", - "version_affected": "<", - "version_value": "4.3.3.0174" + "version_value": "n/a" } ] } } ] }, - "vendor_name": "QNAP Systems Inc." + "vendor_name": "n/a" } ] } @@ -41,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions. \n" + "value": "This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions." } ] }, @@ -70,7 +63,7 @@ "description": [ { "lang": "eng", - "value": "CWE-78 OS Command Injection" + "value": "n/a" } ] } @@ -79,16 +72,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503" + "refsource": "MISC", + "url": "https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503", + "name": "https://www.qnap.com/en/release-notes/qts/4.3.3.0174/20170503" }, { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/release-notes/qts/4.2.6/20170517" + "refsource": "MISC", + "url": "https://www.qnap.com/en/release-notes/qts/4.2.6/20170517", + "name": "https://www.qnap.com/en/release-notes/qts/4.2.6/20170517" }, { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201707-12" + "refsource": "MISC", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201707-12", + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201707-12" } ] }, diff --git a/2018/19xxx/CVE-2018-19946.json b/2018/19xxx/CVE-2018-19946.json index 821fcb6c872..b4bcdcd2114 100644 --- a/2018/19xxx/CVE-2018-19946.json +++ b/2018/19xxx/CVE-2018-19946.json @@ -87,8 +87,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" + "refsource": "MISC", + "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05", + "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" } ] }, diff --git a/2018/19xxx/CVE-2018-19947.json b/2018/19xxx/CVE-2018-19947.json index 721fc810e68..eaf76df7bf4 100644 --- a/2018/19xxx/CVE-2018-19947.json +++ b/2018/19xxx/CVE-2018-19947.json @@ -95,8 +95,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" + "refsource": "MISC", + "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05", + "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" } ] }, diff --git a/2018/19xxx/CVE-2018-19948.json b/2018/19xxx/CVE-2018-19948.json index 946dd278287..c030deef222 100644 --- a/2018/19xxx/CVE-2018-19948.json +++ b/2018/19xxx/CVE-2018-19948.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" + "refsource": "MISC", + "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05", + "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-05" } ] }, diff --git a/2020/25xxx/CVE-2020-25274.json b/2020/25xxx/CVE-2020-25274.json new file mode 100644 index 00000000000..791e11b3937 --- /dev/null +++ b/2020/25xxx/CVE-2020-25274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-25274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25275.json b/2020/25xxx/CVE-2020-25275.json new file mode 100644 index 00000000000..5df214294b1 --- /dev/null +++ b/2020/25xxx/CVE-2020-25275.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-25275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3656.json b/2020/3xxx/CVE-2020-3656.json index b3540898fb2..82da7d1921d 100644 --- a/2020/3xxx/CVE-2020-3656.json +++ b/2020/3xxx/CVE-2020-3656.json @@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-security@qualcomm.com", - "ID": "CVE-2020-3656", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", - "version": { - "version_data": [ - { - "version_value": "APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" - } - ] - } - } - ] - }, - "vendor_name": "Qualcomm, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "u'Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Buffer Copy Without Checking Size of Input in Hardware Engines" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2020-3656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin", - "refsource": "CONFIRM", - "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Hardware Engines" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3674.json b/2020/3xxx/CVE-2020-3674.json index 459237c598b..c8aa5e6261e 100644 --- a/2020/3xxx/CVE-2020-3674.json +++ b/2020/3xxx/CVE-2020-3674.json @@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-security@qualcomm.com", - "ID": "CVE-2020-3674", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", - "version": { - "version_data": [ - { - "version_value": "Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130" - } - ] - } - } - ] - }, - "vendor_name": "Qualcomm, Inc." - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "u'Information can leak into userspace due to improper transfer of data from kernel to userspace' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Exposure in DSP Services" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2020-3674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin", - "refsource": "CONFIRM", - "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin" + } + ] + } } \ No newline at end of file