From 225c714698e08fbec73d9348213f171d8db1af59 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 9 Jun 2020 13:01:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/0xxx/CVE-2019-0319.json | 5 +++ 2020/10xxx/CVE-2020-10757.json | 60 ++++++++++++++++++++++++++++++++-- 2020/10xxx/CVE-2020-10761.json | 9 +++-- 2020/13xxx/CVE-2020-13975.json | 18 ++++++++++ 2020/7xxx/CVE-2020-7646.json | 8 ++--- 5 files changed, 90 insertions(+), 10 deletions(-) create mode 100644 2020/13xxx/CVE-2020-13975.json diff --git a/2019/0xxx/CVE-2019-0319.json b/2019/0xxx/CVE-2019-0319.json index a2d46993cd9..f355873eed5 100644 --- a/2019/0xxx/CVE-2019-0319.json +++ b/2019/0xxx/CVE-2019-0319.json @@ -94,6 +94,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html", "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html" + }, + { + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2911267", + "url": "https://launchpad.support.sap.com/#/notes/2911267" } ] } diff --git a/2020/10xxx/CVE-2020-10757.json b/2020/10xxx/CVE-2020-10757.json index 58b46fdfb6d..2a6d6ca14dd 100644 --- a/2020/10xxx/CVE-2020-10757.json +++ b/2020/10xxx/CVE-2020-10757.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "All versions after 4.5-rc1." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/06/04/4", + "url": "https://www.openwall.com/lists/oss-security/2020/06/04/4" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9" + }, + { + "refsource": "REDHAT", + "name": "Red Hat", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842525" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system." } ] } diff --git a/2020/10xxx/CVE-2020-10761.json b/2020/10xxx/CVE-2020-10761.json index 346b7fe1ee5..2b277835b8a 100644 --- a/2020/10xxx/CVE-2020-10761.json +++ b/2020/10xxx/CVE-2020-10761.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10761", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -44,7 +45,9 @@ "references": { "reference_data": [ { - "url": "https://www.openwall.com/lists/oss-security/2020/06/09/1" + "url": "https://www.openwall.com/lists/oss-security/2020/06/09/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/06/09/1" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761", @@ -71,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13975.json b/2020/13xxx/CVE-2020-13975.json new file mode 100644 index 00000000000..41fd36927ff --- /dev/null +++ b/2020/13xxx/CVE-2020-13975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-13975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7646.json b/2020/7xxx/CVE-2020-7646.json index b2e199aae9b..fedc84522ff 100644 --- a/2020/7xxx/CVE-2020-7646.json +++ b/2020/7xxx/CVE-2020-7646.json @@ -36,7 +36,7 @@ "description": [ { "lang": "eng", - "value": "Command Injection" + "value": "Arbitrary File Read" } ] } @@ -51,8 +51,8 @@ }, { "refsource": "MISC", - "name": "https://github.com/node-js-libs/curlrequest/blob/master/index.js#L232", - "url": "https://github.com/node-js-libs/curlrequest/blob/master/index.js#L232" + "name": "https://github.com/node-js-libs/curlrequest/blob/master/index.js#L239,", + "url": "https://github.com/node-js-libs/curlrequest/blob/master/index.js#L239," } ] }, @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "curlrequest through 1.0.1 allows execution of arbitrary commands.It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values." + "value": "curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input." } ] }