From 2d9e15d6819e25e8b7f75697f3650faa7a7dcf47 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 18 Feb 2020 16:01:10 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10792.json | 55 +++++++++++++++++++++++--
 2019/10xxx/CVE-2019-10793.json | 55 +++++++++++++++++++++++--
 2019/10xxx/CVE-2019-10794.json | 50 +++++++++++++++++++++--
 2019/10xxx/CVE-2019-10795.json | 55 +++++++++++++++++++++++--
 2019/15xxx/CVE-2019-15875.json | 74 ++++++++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16865.json | 5 +++
 2019/17xxx/CVE-2019-17626.json | 5 +++
 2019/18xxx/CVE-2019-18352.json | 65 +++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19911.json | 5 +++
 2019/5xxx/CVE-2019-5613.json | 58 ++++++++++++++++++++++----
 2020/5xxx/CVE-2020-5310.json | 5 +++
 2020/5xxx/CVE-2020-5311.json | 5 +++
 2020/5xxx/CVE-2020-5312.json | 5 +++
 2020/5xxx/CVE-2020-5313.json | 5 +++
 2020/7xxx/CVE-2020-7450.json | 62 ++++++++++++++++++++++++++--
 15 files changed, 487 insertions(+), 22 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15875.json
 create mode 100644 2019/18xxx/CVE-2019-18352.json
diff --git a/2019/10xxx/CVE-2019-10792.json b/2019/10xxx/CVE-2019-10792.json
index 2449ed8dcf5..1e2de220262 100644
--- a/2019/10xxx/CVE-2019-10792.json
+++ b/2019/10xxx/CVE-2019-10792.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10792",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Snyk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "bodymen",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 1.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b",
+ "url": "https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-BODYMEN-548897",
+ "url": "https://snyk.io/vuln/SNYK-JS-BODYMEN-548897"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10793.json b/2019/10xxx/CVE-2019-10793.json
index b96b4abe71c..f057731f0a0 100644
--- a/2019/10xxx/CVE-2019-10793.json
+++ b/2019/10xxx/CVE-2019-10793.json
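Review bot: `"vendor_name": "Snyk"` in the `affects` block attributes bodymen to the CNA that assigned the ID rather than to the project that ships it; the commit reference in the same hunk points at a `diegohaz/bodymen` repository. Consumers that match advisories on vendor/product pairs will either miss this record or file it under Snyk. The same value appears in the CVE-2019-10793, CVE-2019-10794 and CVE-2019-10795 hunks. I would record the maintaining project there, or `"vendor_name": "n/a"` where none is known, as the FreeBSD records in this patch do.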
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10793",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Snyk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dot-object",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 2.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de",
+ "url": "https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905",
+ "url": "https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10794.json b/2019/10xxx/CVE-2019-10794.json
index 59971bc405e..d99fd0bdfb4 100644
--- a/2019/10xxx/CVE-2019-10794.json
+++ b/2019/10xxx/CVE-2019-10794.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10794",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Snyk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "component-flatten",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907",
+ "url": "https://snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10795.json b/2019/10xxx/CVE-2019-10795.json
index 8c324507d60..993f5539ea5 100644
--- a/2019/10xxx/CVE-2019-10795.json
+++ b/2019/10xxx/CVE-2019-10795.json
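Review bot: The new description's "The a function could be tricked" does not name an API a consumer can audit; it reads like an unfilled placeholder or a minified identifier, and the CVE-2019-10795 hunk has the same wording ("The 'a' function"). If `a` really is the exported name, it should be quoted the same way in both records and identified as such; otherwise the text should name the affected function as the bodymen and dot-object records do ("handler", "set"). Separately, the Snyk advisory is tagged `"refsource": "CONFIRM"` here but `MISC` in the three sibling records, and with "All versions" affected and no fix commit listed, nothing in the hunk shows maintainer confirmation, so `"refsource": "MISC"` looks like the consistent value.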
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10795",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "report@snyk.io",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Snyk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "undefsafe",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version 2.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Prototype Pollution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940",
+ "url": "https://snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822",
+ "url": "https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload."
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15875.json b/2019/15xxx/CVE-2019-15875.json
new file mode 100644
index 00000000000..a49c048127b
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15875.json
@@ -0,0 +1,74 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15875",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.1-STABLE before r354734"
+ },
+ {
+ "version_value": "12.1-RELEASE before 12.1-RELEASE-p2"
+ },
+ {
+ "version_value": "12.0-RELEASE before 12.0-RELEASE-p13"
+ },
+ {
+ "version_value": "11.3-STABLE before r354735"
+ },
+ {
+ "version_value": "11.3-RELEASE before 11.3-RELEASE-p6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Kernel information exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16865.json b/2019/16xxx/CVE-2019-16865.json
index b3abb7b3cda..59459831e25 100644
--- a/2019/16xxx/CVE-2019-16865.json
+++ b/2019/16xxx/CVE-2019-16865.json
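Review bot: The only entry in `reference_data` is the vendor's own advisory, yet it is tagged `"refsource": "MISC"` with the URL repeated as `name`, so tooling that ranks or filters references by source cannot tell that it is the authoritative FreeBSD notice. The list has a dedicated source tag for these advisories; I would use `"refsource": "FREEBSD", "name": "FreeBSD-SA-20:03.thrmisc"` and keep the URL as it is. The CVE-2019-5613 and CVE-2020-7450 hunks reference their advisories the same way. The new file also ends without a trailing newline.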
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-19a161d540",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json
index 06f0738cf6f..fa4d669efd5 100644
--- a/2019/17xxx/CVE-2019-17626.json
+++ b/2019/17xxx/CVE-2019-17626.json
@@ -96,6 +96,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0160",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4273-1",
+ "url": "https://usn.ubuntu.com/4273-1/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18352.json b/2019/18xxx/CVE-2019-18352.json
new file mode 100644
index 00000000000..c3f7ce17e22
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18352.json
@@ -0,0 +1,65 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18352",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.vde.com/de-de/advisories/vde-2019-020",
+ "refsource": "MISC",
+ "name": "https://cert.vde.com/de-de/advisories/vde-2019-020"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19911.json b/2019/19xxx/CVE-2019-19911.json
index ad52c316f37..7c67646d3e7 100644
--- a/2019/19xxx/CVE-2019-19911.json
+++ b/2019/19xxx/CVE-2019-19911.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html",
 "url": "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5613.json b/2019/5xxx/CVE-2019-5613.json
index b87a2e3cca9..aa1b88f4985 100644
--- a/2019/5xxx/CVE-2019-5613.json
+++ b/2019/5xxx/CVE-2019-5613.json
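Review bot: Every structured field in the new CVE-2019-18352 record is `"n/a"` (`vendor_name`, `product_name`, `version_value` and the problemtype `value`), even though the description names the vendor, two device models and the fixed version. Scanners and asset inventories that key on the `affects` block will therefore not match this record to PHOENIX CONTACT FL NAT devices. I would carry the description's values into the structured fields: `"vendor_name": "PHOENIX CONTACT"`, one `product_data` entry per device model with `"version_value": "before V2.90"`, and `"value": "Improper access control"` under problemtype. The description also does not state what an unauthorized party gains, which the linked advisory presumably covers.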
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5613",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5613",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.0 before 12.0-RELEASE-p13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper check for unusual conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5310.json b/2020/5xxx/CVE-2020-5310.json
index c8d84edfe5e..4f17f3c4427 100644
--- a/2020/5xxx/CVE-2020-5310.json
+++ b/2020/5xxx/CVE-2020-5310.json
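Review bot: `"version_value": "12.0 before 12.0-RELEASE-p13"` disagrees with the description added in the same hunk, which says "12.0-RELEASE before 12.0-RELEASE-p13", and with the branch naming used by the other FreeBSD records in this patch. A bare "12.0" does not identify a branch, so range matching against -RELEASE or -STABLE builds becomes guesswork; `"version_value": "12.0-RELEASE before 12.0-RELEASE-p13"` would match the text. The problemtype "Improper check for unusual conditions" is also generic for what the description presents as acceptance of a re-injected old packet, and a more specific weakness name would help triage.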
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df444e464e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5311.json b/2020/5xxx/CVE-2020-5311.json
index ed58e874c25..3ea16ad752a 100644
--- a/2020/5xxx/CVE-2020-5311.json
+++ b/2020/5xxx/CVE-2020-5311.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df444e464e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5312.json b/2020/5xxx/CVE-2020-5312.json
index 283681bbaf2..7c38731f51a 100644
--- a/2020/5xxx/CVE-2020-5312.json
+++ b/2020/5xxx/CVE-2020-5312.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df444e464e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5313.json b/2020/5xxx/CVE-2020-5313.json
index 1e04e13eab3..e0dcbbc4b37 100644
--- a/2020/5xxx/CVE-2020-5313.json
+++ b/2020/5xxx/CVE-2020-5313.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-df444e464e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4272-1",
+ "url": "https://usn.ubuntu.com/4272-1/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7450.json b/2020/7xxx/CVE-2020-7450.json
index 7b74f0e7dd5..76b7b83a313 100644
--- a/2020/7xxx/CVE-2020-7450.json
+++ b/2020/7xxx/CVE-2020-7450.json
@@ -4,14 +4,70 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7450",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.1-STABLE before r357213"
+ },
+ {
+ "version_value": "12.1-RELEASE before 12.1-RELEASE-p2"
+ },
+ {
+ "version_value": "12.0-RELEASE before 12.0-RELEASE-p13"
+ },
+ {
+ "version_value": "11.3-STABLE before r357214"
+ },
+ {
+ "version_value": "11.3-RELEASE before 11.3-RELEASE-p6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution."
 }
 ]
 }