From 4d1e357ede58c36345cc0ae8197100c83be3f6be Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 Jul 2020 13:01:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/5xxx/CVE-2019-5024.json | 5 ++++
 2020/14xxx/CVE-2020-14511.json | 50 ++++++++++++++++++++++++++++++++--
 2020/4xxx/CVE-2020-4100.json | 50 ++++++++++++++++++++++++++++++++--
 2020/5xxx/CVE-2020-5765.json | 50 ++++++++++++++++++++++++++++++++--
 4 files changed, 146 insertions(+), 9 deletions(-)
diff --git a/2019/5xxx/CVE-2019-5024.json b/2019/5xxx/CVE-2019-5024.json
index a2597b32af3..9deec88b76d 100644
--- a/2019/5xxx/CVE-2019-5024.json
+++ b/2019/5xxx/CVE-2019-5024.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785",
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-196-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-196-01"
 }
 ]
 },
diff --git a/2020/14xxx/CVE-2020-14511.json b/2020/14xxx/CVE-2020-14511.json
index 29c4880b000..64f849771b3 100644
--- a/2020/14xxx/CVE-2020-14511.json
+++ b/2020/14xxx/CVE-2020-14511.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14511",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EDR-G902 and EDR-G903 Series Routers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions prior to 5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-02",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-02"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4)."
 }
 ]
 }
diff --git a/2020/4xxx/CVE-2020-4100.json b/2020/4xxx/CVE-2020-4100.json
index d4aeb50c66c..f95a4960460 100644
--- a/2020/4xxx/CVE-2020-4100.json
+++ b/2020/4xxx/CVE-2020-4100.json
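Review bot: `"vendor_name": "n/a"` leaves the vendor unnamed in a record that is now PUBLIC, and neither the product name nor the description names it, so anyone matching this CVE against an asset inventory by vendor will miss it. The same `"n/a"` vendor appears in the CVE-2020-4100 and CVE-2020-5765 hunks, although there the product names at least carry the vendor. The affected range is also free text, `"version_value": "Versions prior to 5.4"`; the 4.0 format's `version_affected` field would let it be stated as `"version_affected": "<"` with `"version_value": "5.4"`, which tooling can compare.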
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-4100",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL Verse for Android\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Dynamic code loading/injection\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly.\""
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5765.json b/2020/5xxx/CVE-2020-5765.json
index c621f5e8c20..3ad394e47e6 100644
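Review bot: Every populated string in this hunk carries a literal pair of double quotes inside the JSON value, as in `"product_name": "\"HCL Verse for Android\""`, and likewise for `version_value`, the problemtype `value` and the description; this looks like an export artefact rather than intended content. Consumers doing exact product-name matching will see the name with the quotes attached and fail to match, so the values should be stored bare, e.g. `"product_name": "HCL Verse for Android"`. The description also explains what dynamic code loading is without stating what the flaw in this product permits, so impact cannot be assessed from the record alone and the linked KB article has to be read before triage.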
--- a/2020/5xxx/CVE-2020-5765.json
+++ b/2020/5xxx/CVE-2020-5765.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5765",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable Nessus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 8.11.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stored XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2020-05",
+ "url": "https://www.tenable.com/security/tns-2020-05"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue in Nessus 8.11.0."
 }
 ]
 }
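Review bot: The problemtype is free text, `"value": "Stored XSS"`, with no CWE identifier, unlike the CVE-2020-14511 hunk, which carries `CWE-121`; tooling that maps records to CWE will leave this one unclassified, and `"value": "CWE-79 Stored XSS"` would fix that. The description's "execute arbitrary code in a user's session" is easy to misread as code execution on the scanner host, whereas for a stored XSS the code is script running in the victim's browser session; saying so would help triage. `"version_value": "< 8.11.0"` also packs the comparison operator into the value, where `version_affected` could hold it separately.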