From 2373d525176ee1d8d3f60a6751ddc3f5a63be485 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 3 Jun 2020 13:01:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/13xxx/CVE-2018-13367.json | 11 +++++---
 2020/1xxx/CVE-2020-1963.json | 50 ++++++++++++++++++++++++++++++++--
 2020/2xxx/CVE-2020-2190.json | 3 +-
 2020/2xxx/CVE-2020-2191.json | 3 +-
 2020/2xxx/CVE-2020-2192.json | 3 +-
 2020/2xxx/CVE-2020-2193.json | 3 +-
 2020/2xxx/CVE-2020-2194.json | 3 +-
 2020/2xxx/CVE-2020-2195.json | 3 +-
 2020/2xxx/CVE-2020-2196.json | 3 +-
 2020/2xxx/CVE-2020-2197.json | 3 +-
 2020/2xxx/CVE-2020-2198.json | 3 +-
 2020/2xxx/CVE-2020-2199.json | 3 +-
 2020/2xxx/CVE-2020-2200.json | 3 +-
 2020/7xxx/CVE-2020-7115.json | 50 ++++++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7116.json | 50 ++++++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7117.json | 50 ++++++++++++++++++++++++++++++++--
 2020/7xxx/CVE-2020-7628.json | 7 +----
 17 files changed, 218 insertions(+), 33 deletions(-)
diff --git a/2018/13xxx/CVE-2018-13367.json b/2018/13xxx/CVE-2018-13367.json
index 35656d7e363..1e7a654386c 100644
--- a/2018/13xxx/CVE-2018-13367.json
+++ b/2018/13xxx/CVE-2018-13367.json
@@ -11,15 +11,18 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "n/a",
+ "vendor_name": "Fortinet",
 "product": {
 "product_data": [
 {
- "product_name": "Fortinet FortiOS",
+ "product_name": "FortiOS",
 "version": {
 "version_data": [
 {
- "version_value": "FortiOS 6.2.0 and below"
+ "version_value": "6.2.3"
+ },
+ {
+ "version_value": "6.2.0 and below"
 }
 ]
 }
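Review bot: The new `version_data` in CVE-2018-13367.json lists `6.2.3` and `6.2.0 and below` as two separate entries, which leaves the status of 6.2.1 and 6.2.2 undefined for anyone matching installed FortiOS versions against this record. The description hunk that follows repeats the same gap (`FortiOS 6.2.3, 6.2.0 and below`). If the intermediate releases are affected, a single bounded entry would say so; if they are not, the description should state it. Neither entry carries a `version_affected` qualifier, so `6.2.0 and below` remains free text that a scanner has to parse rather than compare. The `affects` object opens and closes outside the hunk.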
@@ -55,7 +58,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI."
+ "value": "An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI."
 }
 ]
 }
diff --git a/2020/1xxx/CVE-2020-1963.json b/2020/1xxx/CVE-2020-1963.json
index b0fef9c29a1..3bd1804a1bd 100644
--- a/2020/1xxx/CVE-2020-1963.json
+++ b/2020/1xxx/CVE-2020-1963.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Ignite",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions of Apache Ignite up to 2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem."
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2190.json b/2020/2xxx/CVE-2020-2190.json
index d33154c6260..9dd019eff42 100644
--- a/2020/2xxx/CVE-2020-2190.json
+++ b/2020/2xxx/CVE-2020-2190.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2190",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2191.json b/2020/2xxx/CVE-2020-2191.json
index 5621e17398d..8a5696e403f 100644
--- a/2020/2xxx/CVE-2020-2191.json
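Review bot: `vendor_name` is left as `n/a` in the new `affects` block of CVE-2020-1963.json, although the product is `Apache Ignite` and the assigner is `security@apache.org`. Tooling that keys on vendor plus product will not tie this record to the vendor. The same commit corrects exactly this in CVE-2018-13367.json (`n/a` to `Fortinet`), while the CVE-2020-7115, -7116 and -7117 hunks also add `"vendor_name": "n/a"`. A value such as `"vendor_name": "Apache Software Foundation"` would be consistent with that fix. The `version_value` text `All versions of Apache Ignite up to 2.8` also does not say whether 2.8 itself is affected, which a reader deciding on an upgrade needs to know.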
+++ b/2020/2xxx/CVE-2020-2191.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2191",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2192.json b/2020/2xxx/CVE-2020-2192.json
index 27cb0d35f14..f10a8476911 100644
--- a/2020/2xxx/CVE-2020-2192.json
+++ b/2020/2xxx/CVE-2020-2192.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2192",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2193.json b/2020/2xxx/CVE-2020-2193.json
index a15d5ac62a8..a98689aca86 100644
--- a/2020/2xxx/CVE-2020-2193.json
+++ b/2020/2xxx/CVE-2020-2193.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2193",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2194.json b/2020/2xxx/CVE-2020-2194.json
index b27b92ae30d..b24119ba2bb 100644
--- a/2020/2xxx/CVE-2020-2194.json
+++ b/2020/2xxx/CVE-2020-2194.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2194",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2195.json b/2020/2xxx/CVE-2020-2195.json
index 89f0e292922..764c6d23f0c 100644
--- a/2020/2xxx/CVE-2020-2195.json
+++ b/2020/2xxx/CVE-2020-2195.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2195",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2196.json b/2020/2xxx/CVE-2020-2196.json
index 40ad25efc4b..e790a0c403f 100644
--- a/2020/2xxx/CVE-2020-2196.json
+++ b/2020/2xxx/CVE-2020-2196.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2196",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2197.json b/2020/2xxx/CVE-2020-2197.json
index 2ee0b45b3b7..9a9867a0456 100644
--- a/2020/2xxx/CVE-2020-2197.json
+++ b/2020/2xxx/CVE-2020-2197.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2197",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2198.json b/2020/2xxx/CVE-2020-2198.json
index 127ce4765c9..3863d1234aa 100644
--- a/2020/2xxx/CVE-2020-2198.json
+++ b/2020/2xxx/CVE-2020-2198.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2198",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2199.json b/2020/2xxx/CVE-2020-2199.json
index d37b0511118..bee8d11da18 100644
--- a/2020/2xxx/CVE-2020-2199.json
+++ b/2020/2xxx/CVE-2020-2199.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2199",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2200.json b/2020/2xxx/CVE-2020-2200.json
index b03a1906308..7eb21de6e98 100644
--- a/2020/2xxx/CVE-2020-2200.json
+++ b/2020/2xxx/CVE-2020-2200.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2200",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/7xxx/CVE-2020-7115.json b/2020/7xxx/CVE-2020-7115.json
index f6e812aeb09..a10a2b143c4 100644
--- a/2020/7xxx/CVE-2020-7115.json
+++ b/2020/7xxx/CVE-2020-7115.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7115",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthenticated Remote Command Execution in the Web Interface"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7116.json b/2020/7xxx/CVE-2020-7116.json
index 434154e06a7..97de2da7e5d 100644
--- a/2020/7xxx/CVE-2020-7116.json
+++ b/2020/7xxx/CVE-2020-7116.json
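Review bot: The single `version_value` added to CVE-2020-7115.json packs three release branches into one string with no separator (`ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF`), so a consumer cannot test one branch without parsing prose. The CVE-2020-7116 and CVE-2020-7117 hunks add the identical string. `version_data` is an array, so one entry per branch would keep the ranges machine-readable, for example `{ "version_value": "6.9.x prior to 6.9.1" }`, `{ "version_value": "6.8.x prior to 6.8.5-HF" }` and `{ "version_value": "6.7.x prior to 6.7.13-HF" }`. The product name is already in `product_name` and need not be repeated in each value.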
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7116",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated Remote Command Execution "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7117.json b/2020/7xxx/CVE-2020-7117.json
index b8d88864cf0..16ea3fbb5ab 100644
--- a/2020/7xxx/CVE-2020-7117.json
+++ b/2020/7xxx/CVE-2020-7117.json
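Review bot: The description, problem type, affected versions and reference added to CVE-2020-7116.json are word-for-word the same as those the next hunk adds to CVE-2020-7117.json, so nothing in either record tells a reader which flaw each ID tracks. If the vendor advisory distinguishes the two (for example by affected component), one distinguishing phrase per description would let defenders map a fix or a detection to the right ID. Both hunks also store the problem type with a trailing space, `"Authenticated Remote Command Execution "`, which breaks exact-match grouping; `"value": "Authenticated Remote Command Execution"` avoids that.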
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7117",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClearPass Policy Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authenticated Remote Command Execution "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt",
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7628.json b/2020/7xxx/CVE-2020-7628.json
index a93f082fdcf..f9a426ac8ed 100644
--- a/2020/7xxx/CVE-2020-7628.json
+++ b/2020/7xxx/CVE-2020-7628.json
@@ -44,11 +44,6 @@
 },
 "references": {
 "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://github.com/1000ch/install-package/blob/master/index.js#L82,",
- "url": "https://github.com/1000ch/install-package/blob/master/index.js#L82,"
- },
 {
 "refsource": "MISC",
 "name": "https://snyk.io/vuln/SNYK-JS-UMOUNT-564265",
@@ -60,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function."
+ "value": "umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization."
 }
 ]
 }
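Review bot: The rewritten description in the second hunk of CVE-2020-7628.json renames the package to `umount` but keeps the bound `through 1.1.6` from the install-package wording, and it no longer states the impact that the old sentence gave (execution of arbitrary commands). The `affects` block lies outside both hunks, so it is not visible here whether its product name and version were updated to match; it is worth confirming that they name umount and that 1.1.6 is an umount version. If the impact is unchanged, a wording that keeps it would be `umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization, which allows execution of arbitrary commands.`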